Hey everyone :slightly_smiling_face:
I'm trying t...
# awsr
rich-branch-48115
01/08/2023, 1:56 PMHey everyone 🙂
I'm trying to create
pulumi_aws.iam.Roleoutput[str] Copy code
def _create_iam_role_with_policies(
self,
role_name: str,
policies_arns: list[str],
client_name: str,
is_authenticated: bool,
identity_pool: pulumi_aws.cognito.IdentityPool,
):
role = pulumi_aws.iam.Role(
resource_name=f"{role_name}",
name=role_name,
assume_role_policy=identity_pool.id.apply(
lambda id: f"""{{
"Version": "2012-10-17",
"Statement": [
{{
"Effect": "Allow",
"Principal": {{"Federated": "<http://cognito-identity.amazonaws.com|cognito-identity.amazonaws.com>"}},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {{
"StringEquals": {{
"<http://cognito-identity.amazonaws.com:aud|cognito-identity.amazonaws.com:aud>": "{id}"
}},
"ForAnyValue:StringLike": {{
"<http://cognito-identity.amazonaws.com:amr|cognito-identity.amazonaws.com:amr>": {"authenticated" if is_authenticated else "unauthenticated"}
}}
}}
}}
]
}}"""
),
tags={"client-id": client_name},
opts=pulumi.ResourceOptions(depends_on=[identity_pool]),
)output[str]assume_role_policyaws:iam/role:Role resource 'my_random_name' has a problem: "assume_role_policy" contains an invalid JSON: invalid character 'a' looking for beginning of value. Examine values at 'Role.AssumeRolePolicy'.output[str]assume_role_policyb
billowy-army-68599
01/08/2023, 3:10 PM
Yes, you have to use an apply
s
stocky-restaurant-98004
01/09/2023, 2:31 PMExample:
Copy code
bucket_policy = aws.s3.BucketPolicy(
"my-website-bucket-policy",
bucket=bucket.id,
policy=bucket.arn.apply(
lambda arn: json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
f"{arn}/*"
]
}]
})),
)