i wrote this dynamic provider so we can build policies dynamically as we add resources that share a KMS key. is this a bad idea? 😅

It’s not so much that it’s a bad idea than do you really need to use a dynamic provider here? In other words, could you use a normal function to which you pass args and get back a dynamic policy in a similar fashion? Dynamic providers are especially useful when you want to leverage the resource CRUD lifecycle for something that cannot be achieved by using the resources in a provider. For example, say, you want to create some other resource that Pulumi doesn’t recognize but you want to manage its lifecycle (i.e. creation, update, deletion) via Pulumi and have the lifecycle depend on another resource. That doesn’t mean you shouldn’t use dynamic provider to do other things. Perhaps, I haven’t fully understand your use case.

yeah that’s what i was curious about.. i’m really just using the dynamic provider to generate the final policy document at provisioning time