flat-byte-25499
01/20/2023, 4:21 PMcreate_account
that returns an Output object (aws.organizations.Account).
I'm then trying to pass the account id to another function because I need to render its value in json templates for IAM policies. Here is how I'm currently doing it:
config = pulumi.Config()
region = config.require('region')
name = config.require('name')
account = create_account(region=region, name=name)
account.id.apply(lambda account_id: create_iam_roles(account_id=account_id))
This is working perfectly but if I understood right, this is not a good practice to create resources in the apply. I saw in the doc that I should be able to pass this argument like below but it throws an error when I try to manipulate it as a string:
create_iam_roles(account_id=account.id.apply(lambda account_id: f"{account.id}))
Here is the manipulation I need to do with this string in the create_iam_roles
function. Is there anything I miss?
#opening policy file
template_policy = file.read()
policy = json.loads(template_policy)
policy['Statement'][0]['Principal']['AWS'] = f"arn:aws:iam::{account_id}:root"
role = awsnative.iam.Role(
assume_role_policy_document=policy,
....
)
Thank you!echoing-dinner-19531
01/21/2023, 1:39 PMpulumi.Output.format
instead, it works pretty much the same as the normal python format method but will handle any arguments that are outputs:
policy['Statement'][0]['Principal']['AWS'] = Output.format("arn:aws:iam::{0}:root", account.id)
flat-byte-25499
01/23/2023, 1:33 PM