Hi all. From the AWS console, it’s easy to create a new IAM Role with an AWS service as a trusted entity, without having to type in a trust policy document. However, I’m having trouble figuring out how to do this in Pulumi — every example has the trusted entities policy document as a string literal (into assumeRolePolicy). This is very undesirable, as it essentially requires that you create the Role by hand first, using the AWS console, so that you know what the Service name needs to be. Is there any way to just have Pulumi look this up automatically like the console does?
Thanks for the list! However, my hope was to avoid having to look up these names at all, and be able to discover them easily within Pulumi’s library (i.e., as a predefined constant or something).
06/01/2022, 8:59 PM
Hmm... I'm not aware of anything like that. Seems like a good idea. At the rate AWS add new services, it'll probably need a lot of maintenance, but the most popular 20 services probably account for 99% of uses...