sparse-intern-71089
05/19/2022, 9:52 AMprehistoric-ram-58389
05/19/2022, 9:52 AMconst minilake = new aws.s3.Bucket(...)
const singularityInstanceRole = new aws.iam.Role("singularityInstanceRole", {
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Effect: "Allow",
Principal: {
Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
}
}
]
}),
inlinePolicies: [
{
name: "access-to-s3-minilake",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: ["s3:*"],
Effect: "Allow",
Resource: minilake.arn
}]
})
}
]
})
prehistoric-ram-58389
05/19/2022, 9:55 AMerror: 1 error occurred:
* updating urn:pulumi:dev::singularity::aws:iam/role:Role::singularityInstanceRole: 1 error occurred:
* 1 error occurred:
* creating inline policy (access-to-s3-minilake): MalformedPolicyDocument: Partition "
1" is not valid for resource "arn:
1: o.apply(v => v.toJSON())
2: o.apply(v => JSON.stringify(v))
prehistoric-ram-58389
05/19/2022, 9:55 AMminilake.arn
does not return a string, but an Output<string>, and when I use .get()
, I get another error.full-artist-27215
05/19/2022, 2:07 PMminilake.arn.apply(SOME_LAMBDA_THAT_MAKES_YOUR_JSON)
... here's a real-world example from one of my projects: https://github.com/grapl-security/grapl/blob/28c14054d0b86c8d6afdd0c92b80ca1924c76294/pulumi/infra/queue_policy.py#L12-L42 (granted, this is Python, but the same principle applies)full-artist-27215
05/19/2022, 2:09 PMprehistoric-ram-58389
05/19/2022, 7:00 PMfull-artist-27215
05/19/2022, 7:01 PMfull-artist-27215
05/19/2022, 7:07 PMOutput.all
if you need multiple outputs in a policy, as in https://github.com/grapl-security/grapl/blob/28c14054d0b86c8d6afdd0c92b80ca1924c76294/pulumi/infra/queue_policy.py#L50prehistoric-ram-58389
05/20/2022, 7:36 AMOutput.all
is what I am using right now. I was about to have another question to use all three outputs at the same time, and this already answered that 😄