Hello there! I'm struggling a bit with the usage of the apply function. I'm provisioning an AWS account with the function

create_account

that returns an Output object (aws.organizations.Account). I'm then trying to pass the account id to another function because I need to render its value in json templates for IAM policies. Here is how I'm currently doing it:

config = pulumi.Config()
region = config.require('region')
name = config.require('name')

account = create_account(region=region, name=name)

account.id.apply(lambda account_id: create_iam_roles(account_id=account_id))

This is working perfectly but if I understood right, this is not a good practice to create resources in the apply. I saw in the doc that I should be able to pass this argument like below but it throws an error when I try to manipulate it as a string:

create_iam_roles(account_id=account.id.apply(lambda account_id: f"{account.id}))

Here is the manipulation I need to do with this string in the

create_iam_roles

function. Is there anything I miss?

#opening policy file
template_policy = file.read()

policy = json.loads(template_policy)
policy['Statement'][0]['Principal']['AWS'] = f"arn:aws:iam::{account_id}:root"

role = awsnative.iam.Role(
        assume_role_policy_document=policy,
        ....
    )

Thank you!

Don't use 'f' strings with pulumi string outputs, they won't work. Use

pulumi.Output.format

instead, it works pretty much the same as the normal python format method but will handle any arguments that are outputs:

policy['Statement'][0]['Principal']['AWS'] = Output.format("arn:aws:iam::{0}:root", account.id)

I was able to make it work! Thank you very much