most-lighter-95902
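06/23/2022, 3:38 AM
import * as aws from '@pulumi/aws'
import * as pulumi from '@pulumi/pulumi'

// Trust policy that lets the EC2 service assume the instance role.
const instanceAssumeRolePolicyDocument = aws.iam.getPolicyDocument({
  statements: [
    {
      actions: ['sts:AssumeRole'],
      principals: [
        {
          type: 'Service',
          identifiers: ['ec2.amazonaws.com'],
        },
      ],
    },
  ],
})

// Trust policy for web identity federation through the cluster's OIDC provider.
// clusterOidcProviderUrl and clusterOidcProviderArn are defined elsewhere in the program.
const oidcAssumeRolePolicyDocument = pulumi
  .all([clusterOidcProviderUrl, clusterOidcProviderArn])
  .apply(([url, arn]) =>
    aws.iam.getPolicyDocument({
      statements: [
        {
          effect: 'Allow',
          actions: ['sts:AssumeRoleWithWebIdentity'],
          principals: [
            {
              type: 'Federated',
              identifiers: [arn],
            },
          ],
          // Only the token audience is checked; there is no `:sub` condition,
          // so the role is not restricted to a specific token subject.
          conditions: [
            {
              test: 'StringEquals',
              // Condition key is the provider URL without its scheme, plus ':aud'.
              variable: `${url.replace('https://', '')}:aud`,
              values: [`sts.amazonaws.com`],
            },
          ],
        },
      ],
    })
  )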