https://pulumi.com logo
Title
f

flat-byte-25499

01/20/2023, 4:21 PM
Hello there! I'm struggling a bit with the usage of the apply function. I'm provisioning an AWS account with the function
create_account
that returns an Output object (aws.organizations.Account). I'm then trying to pass the account id to another function because I need to render its value in json templates for IAM policies. Here is how I'm currently doing it:
config = pulumi.Config()
region = config.require('region')
name = config.require('name')

account = create_account(region=region, name=name)

account.id.apply(lambda account_id: create_iam_roles(account_id=account_id))
This is working perfectly but if I understood right, this is not a good practice to create resources in the apply. I saw in the doc that I should be able to pass this argument like below but it throws an error when I try to manipulate it as a string:
create_iam_roles(account_id=account.id.apply(lambda account_id: f"{account.id}))
Here is the manipulation I need to do with this string in the
create_iam_roles
function. Is there anything I miss?
#opening policy file
template_policy = file.read()

policy = json.loads(template_policy)
policy['Statement'][0]['Principal']['AWS'] = f"arn:aws:iam::{account_id}:root"

role = awsnative.iam.Role(
        assume_role_policy_document=policy,
        ....
    )
Thank you!
e

echoing-dinner-19531

01/21/2023, 1:39 PM
Don't use 'f' strings with pulumi string outputs, they won't work. Use
pulumi.Output.format
instead, it works pretty much the same as the normal python format method but will handle any arguments that are outputs:
policy['Statement'][0]['Principal']['AWS'] = Output.format("arn:aws:iam::{0}:root", account.id)
f

flat-byte-25499

01/23/2023, 1:33 PM
I was able to make it work! Thank you very much