No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I'm currently creating the bucket then looking up the IAM policy and setting it again with amendments. Seems contrived, and it means that Pulumi gets upset if the bucket doesn't exist

It shouldn’t be a problem - if you create a bucket using pulumi and pass the created `Bucket` object (in TS/python etc.) to the next object (`BucketIAMBinding`), it should implicitly create a dependency graph. In other words, bucket must exist before the code responsible for setting up IAM is executed:

```    bucket_name = "my-bucket-name"

    bucket = gcp.storage.Bucket(
        bucket_name,
        location="EU",
        uniform_bucket_level_access=True,
    )
    gcp.storage.BucketIAMBinding(
        f"{bucket_name}-allusers-storage-legacyobjectreader",
=&gt;      bucket=bucket.name,
        role="roles/storage.legacyObjectReader",
        members=["allUsers"],
    )```

Additionally, take a closer look at the differences among: `BucketIAMPolicy`, `BucketIAMBinding` and `BucketIAMMember`, especially the part regarding authoritative vs non-authoritative:
<https://www.pulumi.com/registry/packages/gcp/api-docs/storage/bucketiambinding/#bucketiambinding>

I'm not sure all of these are present in the new `gcp-native` provider are they?

I might just roll back to the `gcp` one until I'm sure about this

Oh… I have no experience with `gcp-native` so I won’t help with that. I’m still using classic gcp provider.

I've done it ages ago with the old `gcp` one, but we never used that pulumi stack in the end

I'll switch back anyways. I'd rather roll with something I know works and hopefully docs, etc. will improve on the new one