icy-controller-6092
02/26/2023, 6:37 AMbillowy-army-68599
02/26/2023, 5:02 PMicy-controller-6092
02/26/2023, 11:58 PMbillowy-army-68599
02/27/2023, 12:01 AMconst role = new aws.iam.Role("role", {
name: "myRole"
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Sid: "",
Effect: "Allow",
Principal: {
AWS: ""arn:aws:iam::123456789012:role/myRole""
},
Action: "sts:AssumeRole",
},
],
}),
managedPolicyArns: [ "arn:aws:iam::aws:policy/AdministratorAccess" ],
});
icy-controller-6092
02/27/2023, 12:02 AMnew aws.iam.Role('xyz',…
and then arn:aws:iam::123:role/xyz-*
?billowy-army-68599
02/27/2023, 12:03 AMicy-controller-6092
02/27/2023, 2:35 AMpulumi.getStack()
to the end of the nameup
then uncomment and run up
againbillowy-army-68599
02/27/2023, 4:27 AMicy-controller-6092
02/27/2023, 4:39 AMassumeRolePolicy
aka ‘trust relationships’ and I don’t think this type of policy supports lazy attachment (unlike inline/managed)billowy-army-68599
02/27/2023, 4:50 AM