1. create KMS key
2. create bucket using KMS key
3. add bucket policy which grants RW access which in turn updates the KMS key policy
4. add SQS queue using KMS key
5. add queue policy which grants RW access which in turn updates the KMS key policy
03/08/2021, 4:45 PM
It’s not so much that it’s a bad idea than do you really need to use a dynamic provider here? In other words, could you use a normal function to which you pass args and get back a dynamic policy in a similar fashion? Dynamic providers are especially useful when you want to leverage the resource CRUD lifecycle for something that cannot be achieved by using the resources in a provider. For example, say, you want to create some other resource that Pulumi doesn’t recognize but you want to manage its lifecycle (i.e. creation, update, deletion) via Pulumi and have the lifecycle depend on another resource. That doesn’t mean you shouldn’t use a dynamic provider to do other things. Perhaps I haven’t fully understood your use case.
03/08/2021, 5:58 PM
yeah that’s what i was curious about.. i’m really just using the dynamic provider to generate the final policy document at provisioning time
this frees the developer of tracking when the “last” resource needed to update the key policy
is there another way to trigger something at create/update time?