https://pulumi.com logo
#general
Title
# general
p

prehistoric-ram-58389

05/19/2022, 9:52 AM
Hi, how can I use an ARN of a resource I create?
Here is the Role that I want to create
Copy code
const minilake = new aws.s3.Bucket(...)

const singularityInstanceRole = new aws.iam.Role("singularityInstanceRole", {
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Effect: "Allow",
                Principal: {
                    Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
                }
            }
        ]
    }),
    inlinePolicies: [
        {
            name: "access-to-s3-minilake",
            policy: JSON.stringify({
                Version: "2012-10-17",
                Statement: [{
                    Action: ["s3:*"],
                    Effect: "Allow",
                    Resource: minilake.arn
                }]
            })
        }
    ]
})
This is giving me an error
Copy code
error: 1 error occurred:
        * updating urn:pulumi:dev::singularity::aws:iam/role:Role::singularityInstanceRole: 1 error occurred:
        * 1 error occurred:
        * creating inline policy (access-to-s3-minilake): MalformedPolicyDocument: Partition "
        1" is not valid for resource "arn:
        1: o.apply(v => v.toJSON())
        2: o.apply(v => JSON.stringify(v))
From what I can tell,
minilake.arn
does not return a string, but an Output<string>, and when I use
.get()
, I get another error.
f

full-artist-27215

05/19/2022, 2:07 PM
You'll need to do something like
minilake.arn.apply(SOME_LAMBDA_THAT_MAKES_YOUR_JSON)
... here's a real-world example from one of my projects: https://github.com/grapl-security/grapl/blob/28c14054d0b86c8d6afdd0c92b80ca1924c76294/pulumi/infra/queue_policy.py#L12-L42 (granted, this is Python, but the same principle applies)
You'll want to bookmark https://www.pulumi.com/docs/intro/concepts/inputs-outputs/... in my experience working with Pulumi (and watching and helping others on my team learn it) sorting out how to deal with outputs effectively has been the trickiest thing.
p

prehistoric-ram-58389

05/19/2022, 7:00 PM
Thanks @full-artist-27215,this is awesome!
f

full-artist-27215

05/19/2022, 7:01 PM
No problem 😁
@prehistoric-ram-58389 make sure to also check out
Output.all
if you need multiple outputs in a policy, as in https://github.com/grapl-security/grapl/blob/28c14054d0b86c8d6afdd0c92b80ca1924c76294/pulumi/infra/queue_policy.py#L50
p

prehistoric-ram-58389

05/20/2022, 7:36 AM
Yes,
Output.all
is what I am using right now. I was about to have another question to use all three outputs at the same time, and this already answered that 😄
204 Views