# general
s
This message was deleted.
v
Sounds like you might need to import the existing IAM role and policy, then you can amend it and apply it. https://www.pulumi.com/registry/packages/aws/api-docs/iam/role/#import
pulumi import aws:iam/role:Role desired-pulumi-reference-name aws-iam-role-name
that adds the existing role to your current pulumi stack, from there you can modify/amend the role using pulumi 🙂 hope this solves it for you
r
Hi, thanks for the feedback! I’m quite new to pulumi and so don’t grasp all concepts just yet. I want to update the trust relationship of an already existing role (that was not created by pulumi). I’m confused about the API not providing any functions for updating iam resources. I can only see “GetX”, “LookupX” and “NewX” functions, but not any functions indicating updates of iam resources. I’m thinking “AWS allows us to update trust relationships, so why shouldn’t pulumi?”. I’m sure pulumi allows me to do this, but I don’t know how…
v
So Pulumi will have no knowledge of the IAM role, as pulumi didn't create it, similar to terraform. If you import the existing resource to your stack, you can then modify it as desired with pulumi
you can fetch the IAM role with get, lookup etc, then using the arn of that request, could attach a new policy to the role. if you want to manage the role with pulumi, you will need to import the resource to the stack, or alternatively, write the pulumi code to recreate it
also bear in mind, you would need a pulumi stack in the destination account to do this
r
Thank you so much for your response! Very helpful
v
no problem! feel free to message me if you need anything else 🙂