sparse-intern-71089
02/26/2023, 6:37 AMbillowy-army-68599
icy-controller-6092
02/26/2023, 11:58 PMicy-controller-6092
02/26/2023, 11:59 PMbillowy-army-68599
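// Declares the IAM role "myRole" with an inline trust policy and one managed policy.
// NOTE(review): the Principal below is this role's own ARN (a self-assuming
// role). The role does not exist yet when the trust policy is first submitted,
// so IAM is likely to reject the principal on the initial create. Confirm
// against the actual deployment error.
const role = new aws.iam.Role("role", {
    name: "myRole",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Sid: "",
                Effect: "Allow",
                Principal: {
                    AWS: "arn:aws:iam::123456789012:role/myRole",
                },
                Action: "sts:AssumeRole",
            },
        ],
    }),
    // NOTE(review): AdministratorAccess gives every principal that can assume
    // this role full control of the account. Prefer a policy scoped to the
    // actions the role actually needs.
    managedPolicyArns: ["arn:aws:iam::aws:policy/AdministratorAccess"],
});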
icy-controller-6092
02/27/2023, 12:02 AMnew aws.iam.Role('xyz',…
and then arn:aws:iam::123:role/xyz-*
?icy-controller-6092
02/27/2023, 12:03 AMbillowy-army-68599
icy-controller-6092
02/27/2023, 2:35 AMpulumi.getStack()
to the end of the nameicy-controller-6092
02/27/2023, 3:59 AMup
then uncomment and run up
againbillowy-army-68599
icy-controller-6092
02/27/2023, 4:39 AMassumeRolePolicy
aka ‘trust relationships’ and I don’t think this type of policy supports lazy attachment (unlike inline/managed)icy-controller-6092
02/27/2023, 4:42 AMbillowy-army-68599
billowy-army-68599
hallowed-fireman-90476
04/10/2024, 10:43 AMicy-controller-6092
04/10/2024, 12:22 PMhallowed-fireman-90476
04/10/2024, 1:31 PMhallowed-fireman-90476
def public_read_policy_for_bucket(role_arn=None):
    """Build the IAM trust (assume-role) policy document for the role.

    Despite the name, the document holds a single ``sts:AssumeRole``
    statement, not an S3 bucket policy.

    Args:
        role_arn: Optional ARN to trust in addition to the hard-coded
            principal. It is passed through ``Output.format`` before
            being placed in the principal list.

    Returns:
        The policy serialized with ``json.dumps`` when ``role_arn`` is
        None, otherwise the result of ``Output.json_dumps``.
    """
    # Principal that is trusted in both variants of the policy.
    trusted_principals = [
        "arn:aws:iam::414351767826:role/unity-catalog-prod-UCMasterRole-14S5ZJVKOTYTL"
    ]
    serialize = json.dumps
    if role_arn is not None:
        # Adding the caller-supplied ARN is what makes the role trust itself
        # when the caller passes the role's own ARN.
        trusted_principals.append(Output.format(role_arn))
        serialize = Output.json_dumps

    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": trusted_principals},
        "Action": "sts:AssumeRole",
        # Every assume-role call must present this ExternalId; `test` is
        # defined outside this snippet.
        "Condition": {"StringEquals": {"sts:ExternalId": test}},
    }
    return serialize({"Version": "2012-10-17", "Statement": [statement]})
# First declaration: creates the role with a trust policy that names only the
# hard-coded principal (no role_arn is passed).
role = aws.iam.Role(
    "Creating role for the Databricks metastore credentials",
    name="venkat-test-role",
    assume_role_policy=public_read_policy_for_bucket(),
    description="Grants Databricks metastore access to the root bucket",
)

# NOTE(review): this is a second, separate Pulumi resource (different logical
# name) that requests the same physical IAM name "venkat-test-role". Pulumi
# will try to create it rather than update the role above, which matches the
# reported "already exists" error. replace_on_changes and
# delete_before_replace only control how this resource is replaced later; they
# do not turn it into an update of the first role.
aws.iam.Role(
    "Updating the Databricks metastore credentials 1",
    name="venkat-test-role",
    # Passing role.arn adds the role's own ARN to its trust policy.
    assume_role_policy=public_read_policy_for_bucket(role.arn),
    opts=pulumi.ResourceOptions(
        replace_on_changes=["*"],
        delete_before_replace=False,
    ),
)
The error I am getting is that the role already exists.