acoustic-room-2113
01/17/2022, 9:35 PMlet kmsPolicy: aws.iam.Policy;
try {
const vaultStack = new pulumi.StackReference(`vault-${env}`);
const vaultKey = vaultStack.getOutput(
"vaultKey"
) as pulumi.Output<aws.kms.Key>;
if (vaultKey != undefined && vaultKey != null) {
kmsPolicy = new aws.iam.Policy("vaultKMSUnsealPolicy", {
name: `VaultKMSUnsealKeyAccess-${env}`,
description: "Allow access to Vault Unseal Key",
policy: vaultKey.apply((key) =>
JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Sid: "VaultKMSUnseal",
Effect: "Allow",
Action: ["kms:Encrypt", "kms:Decrypt", "kms:DescribeKey"],
Resource: key.arn,
},
],
})
),
});
}
} catch (e) {
console.log(e);
}
little-cartoon-10569
01/17/2022, 9:44 PMrequireOutput()
and aborting that way?acoustic-room-2113
01/17/2022, 9:51 PMpulumi:pulumi:Stack (iam-iam.dev):
error: preview failed
pulumi:pulumi:StackReference (vault-dev):
error: Preview failed: unknown stack "vault-dev"
forceDetachPolicies
option for aws.iam.Role