04/04/2022, 8:02 PM
ive noticed that pulumi will import AWS managed policies without issue; this raised a couple of questions in my mind. 1) isn't that problematic? you can't really change them 2) how would you normally refer to an aws-managed resource in pulumi? are there helper libs for that?


04/04/2022, 8:07 PM
There are constants for managed policies.


04/04/2022, 8:53 PM
1) Not problematic per se, since AWS won't let you change them and you'll get a normal failure.
Aside: there's a class of resources, including but not limited to AWS managed policies, that simply never need to be resources. The only thing you ever need from them are their IDs, so why import a resource using its ID if the only thing you ever get from it is its ID? I see this a fair bit in client code: someone gets (for example) a VPC ID from a stack reference, then inflates it using something like
, then uses it only to get the VPC ID. This is wasteful. Any time you're thinking of importing or inflating a resource, consider what you're likely to use it for. If it's just the ID.. don't bother!