Hi all. From the AWS console, it’s easy to create a new IAM Role with an AWS service as a trusted entity, without having to type in a trust policy document. However, I’m having trouble figuring out how to do this in Pulumi — every example has the trusted entities policy document as a string literal (into assumeRolePolicy). This is very undesirable, as it essentially requires that you create the Role by hand first, using the AWS console, so that you know what the Service name needs to be. Is there any way to just have Pulumi look this up automatically like the console does?