This message was deleted.

sparse-intern-71089

11/28/2022, 4:34 PM

This message was deleted.

billowy-army-68599

11/28/2022, 4:42 PM

how did you try doing it with

apply

- you need to invoke apply and interpolate in the correct place, there are examples here https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/s3-cloudfront/index.ts#L50-L66

👀 1

lively-needle-84406

11/28/2022, 4:57 PM

Thanks @billowy-army-68599 I have attempted this again using the

apply

example.

Copy code

export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
    policy: pulumi
        .all([cluster.core.cluster.name])
        .apply(([clusterName]) => {
            JSON.stringify({
                Version: "2012-10-17",
                Statement: [
                    {
                        Sid: "VisualEditor0",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:SetDesiredCapacity",
                            "autoscaling:TerminateInstanceInAutoScalingGroup"
                        ],
                        Resource: "*",
                        Condition: {
                            StringEquals: {
                                [clusterName]: "owned"
                            }
                        }
                    },
                    {
                        Sid: "VisualEditor1",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:DescribeAutoScalingInstances",
                            "autoscaling:DescribeAutoScalingGroups",
                            "ec2:DescribeLaunchTemplateVersions",
                            "autoscaling:DescribeTags",
                            "autoscaling:DescribeLaunchConfigurations"
                        ],
                        Resource: "*"
                    }
                ]
            })
        })
}, {
    dependsOn: [cluster]
});

I like this method, but the issue is that the policy argument for

aws.iam.Policy

needs to be of type

string | PolicyDocument

, But, the response of

pulumi.all.apply

is of type

OutputInstance<void>

. Any ideas of how to resolve the type conflict?

billowy-army-68599

11/28/2022, 5:00 PM

cast it: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/s3-cloudfront/index.ts#L65

lively-needle-84406

11/28/2022, 6:00 PM

@billowy-army-68599 After casting, I am getting the following error:

Copy code

error: aws:iam/policy:Policy resource 'clusterAutoScalingPolicy' has a problem: Missing required argument: The argument "policy" is required, but no definition was found.. Examine values at 'Policy.Policy'.

Code:

Copy code

export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
    policy: pulumi
        .all([cluster.core.cluster.name])
        .apply(([clusterName]) => {
            JSON.stringify({
                Version: "2012-10-17",
                Statement: [
                    {
                        Sid: "VisualEditor0",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:SetDesiredCapacity",
                            "autoscaling:TerminateInstanceInAutoScalingGroup"
                        ],
                        Resource: "*",
                        Condition: {
                            StringEquals: {
                                [`aws:ResourceTag/k8s.io/cluster-autoscaler/${clusterName}`]: "owned"
                            }
                        }
                    },
                    {
                        Sid: "VisualEditor1",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:DescribeAutoScalingInstances",
                            "autoscaling:DescribeAutoScalingGroups",
                            "ec2:DescribeLaunchTemplateVersions",
                            "autoscaling:DescribeTags",
                            "autoscaling:DescribeLaunchConfigurations"
                        ],
                        Resource: "*"
                    }
                ]
            })
        }) as unknown as aws.iam.PolicyDocument
}, {
    dependsOn: [cluster]
});

lively-needle-84406

11/28/2022, 6:01 PM

FYI - had to cast the

policy

value to unknown first because of this error:

Copy code

Conversion of type 'OutputInstance<void>' to type 'PolicyDocument' may be a mistake because neither type sufficiently overlaps with the other. If this was intentional, convert the expression to 'unknown' first.

lively-needle-84406

11/29/2022, 6:43 PM

@billowy-army-68599 Bumping this up. Still currently stuck on this with no working resolution 😕

billowy-army-68599

11/29/2022, 7:59 PM

Sorry, still on my todo list

👍 1

lively-needle-84406

12/05/2022, 4:12 PM

@billowy-army-68599 Following up on this. I could not get this working with any of the above mentioned solutions. I ended up just manually naming the cluster and using that specified cluster name in the string interpolation.

billowy-army-68599

12/06/2022, 5:27 PM

@lively-needle-84406 sorry for the delay here, I was at re:invent last week so had limited time to sit down and go through issues. Here’s the solution

Copy code

const policyDoc = cluster.core.cluster.name.apply((name) =>
  JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "VisualEditor0",
        Effect: "Allow",
        Action: [
          "autoscaling:SetDesiredCapacity",
          "autoscaling:TerminateInstanceInAutoScalingGroup",
        ],
        Resource: "*",
        Condition: {
          StringEquals: {
            [`aws:ResourceTag/k8s.io/cluster-autoscaler/${name}`]: "owned",
          },
        },
      },
      {
        Sid: "VisualEditor1",
        Effect: "Allow",
        Action: [
          "autoscaling:DescribeAutoScalingInstances",
          "autoscaling:DescribeAutoScalingGroups",
          "ec2:DescribeLaunchTemplateVersions",
          "autoscaling:DescribeTags",
          "autoscaling:DescribeLaunchConfigurations",
        ],
        Resource: "*",
      },
    ],
  })
);

export const clusterAutoScalingPolicy = new aws.iam.Policy(
  "clusterAutoScalingPolicy",
  {
    policy: policyDoc,
  }, {
    dependsOn: [cluster],
  }
);

🙌 1

260 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.