rich-branch-48115
01/08/2023, 1:56 PM
pulumi_aws.iam.Role that its assume_role_policy uses an output[str] value in the json.
def _create_iam_role_with_policies(
    self,
    role_name: str,
    policies_arns: list[str],
    client_name: str,
    is_authenticated: bool,
    identity_pool: pulumi_aws.cognito.IdentityPool,
):
    role = pulumi_aws.iam.Role(
        resource_name=f"{role_name}",
        name=role_name,
        assume_role_policy=identity_pool.id.apply(
            lambda id: f"""{{
                "Version": "2012-10-17",
                "Statement": [
                    {{
                        "Effect": "Allow",
                        "Principal": {{"Federated": "cognito-identity.amazonaws.com"}},
                        "Action": "sts:AssumeRoleWithWebIdentity",
                        "Condition": {{
                            "StringEquals": {{
                                "cognito-identity.amazonaws.com:aud": "{id}"
                            }},
                            "ForAnyValue:StringLike": {{
                                "cognito-identity.amazonaws.com:amr": {"authenticated" if is_authenticated else "unauthenticated"}
                            }}
                        }}
                    }}
                ]
            }}"""
        ),
        tags={"client-id": client_name},
        opts=pulumi.ResourceOptions(depends_on=[identity_pool]),
    )
I'm getting an error for an invalid json, I guess that it relates to the usage of an output[str] within assume_role_policy that uses the identity_pool_id. The error I'm getting is: aws:iam/role:Role resource 'my_random_name' has a problem: "assume_role_policy" contains an invalid JSON: invalid character 'a' looking for beginning of value. Examine values at 'Role.AssumeRolePolicy'.
Is there a way to use output[str] in assume_role_policy?
billowy-army-68599
01/08/2023, 3:10 PM
stocky-restaurant-98004
01/09/2023, 2:31 PM
bucket_policy = aws.s3.BucketPolicy(
    "my-website-bucket-policy",
    bucket=bucket.id,
    policy=bucket.arn.apply(
        lambda arn: json.dumps({
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "s3:GetObject"
                ],
                "Resource": [
                    f"{arn}/*"
                ]
            }]
        })),
)