Here is the Role that I want to create

const minilake = new aws.s3.Bucket(...)

const singularityInstanceRole = new aws.iam.Role("singularityInstanceRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Effect: "Allow",
                Principal: {
                    Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
                }
            }
        ]
    }),
    inlinePolicies: [
        {
            name: "access-to-s3-minilake",
            policy: JSON.stringify({
                Version: "2012-10-17",
                Statement: [{
                    Action: ["s3:*"],
                    Effect: "Allow",
                    Resource: minilake.arn
                }]
            })
        }
    ]
})

This is giving me an error

error: 1 error occurred:
        * updating urn:pulumi:dev::singularity::aws:iam/role:Role::singularityInstanceRole: 1 error occurred:
        * 1 error occurred:
        * creating inline policy (access-to-s3-minilake): MalformedPolicyDocument: Partition "
        1" is not valid for resource "arn:
        1: o.apply(v => v.toJSON())
        2: o.apply(v => JSON.stringify(v))

From what I can tell,

minilake.arn

does not return a string, but an Output<string>, and when I use

.get()

, I get another error.

You'll want to bookmark https://www.pulumi.com/docs/intro/concepts/inputs-outputs/... in my experience working with Pulumi (and watching and helping others on my team learn it) sorting out how to deal with outputs effectively has been the trickiest thing.

@prehistoric-ram-58389 make sure to also check out

Output.all

if you need multiple outputs in a policy, as in https://github.com/grapl-security/grapl/blob/28c14054d0b86c8d6afdd0c92b80ca1924c76294/pulumi/infra/queue_policy.py#L50