Do not JSON.stringify policies

aws-js-s3-folder/index.js

@@ -16,7 +16,7 @@ let siteDir = "www"; // directory for content files
 // For each file in the directory, create an S3 object stored in `siteBucket`
 for (let item of require("fs").readdirSync(siteDir)) {
     let filePath = require("path").join(siteDir, item);
-    let object = new aws.s3.BucketObject(item, { 
+    let object = new aws.s3.BucketObject(item, {
         bucket: siteBucket,                               // reference the s3.Bucket object
         source: new pulumi.asset.FileAsset(filePath),     // use FileAsset to point to a file
         contentType: mime.getType(filePath) || undefined, // set the MIME type of the file
@@ -25,7 +25,7 @@ for (let item of require("fs").readdirSync(siteDir)) {
 
 // Create an S3 Bucket Policy to allow public read of all objects in bucket
 function publicReadPolicyForBucket(bucketName) {
-    return JSON.stringify({
+    return {
         Version: "2012-10-17",
         Statement: [{
             Effect: "Allow",
@@ -37,7 +37,7 @@ function publicReadPolicyForBucket(bucketName) {
                 `arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly
             ]
         }]
-    })
+    };
 }
 
 // Set the access policy for the bucket so all objects are readable
@@ -48,4 +48,4 @@ let bucketPolicy = new aws.s3.BucketPolicy("bucketPolicy", {
 
 // Stack exports
 exports.bucketName = siteBucket.bucket;
-exports.websiteUrl = siteBucket.websiteEndpoint; 
+exports.websiteUrl = siteBucket.websiteEndpoint;

aws-ts-resources/index.ts

@@ -188,42 +188,32 @@ const cluster = new aws.ecs.Cluster("mycluster");
 
 // IAM
 const role = new aws.iam.Role("myrole", {
-    assumeRolePolicy: JSON.stringify({
-        Version: "2012-10-17",
-        Statement: [{
-            Action: "sts:AssumeRole",
-            Principal: {
-                Service: "ec2.amazonaws.com"
-            },
-            Effect: "Allow",
-            Sid: ""
-        }]
-    })
+    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "ec2.amazonaws.com" }),
 });
 
 const rolePolicy = new aws.iam.RolePolicy("myrolepolicy", {
     role: role.id,
-    policy: JSON.stringify({
+    policy: {
         Version: "2012-10-17",
         Statement: [{
             Action: [ "ec2:Describe*" ],
             Effect: "Allow",
-            Resource: "*"
-        }]
-    })
+            Resource: "*",
+        }],
+    },
 });
 
 const policy = new aws.iam.Policy("mypolicy", {
-    policy: JSON.stringify({
+    policy: {
         Version: "2012-10-17",
         Statement: [{
             Action: [
               "ec2:Describe*"
             ],
             Effect: "Allow",
-            Resource: "*"
-        }]
-    })
+            Resource: "*",
+        }],
+    },
 });
 
 const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("myrolepolicyattachment", {
@@ -269,7 +259,7 @@ const stream = new aws.kinesis.Stream("mystream", {
 // })
 
 // function publicReadPolicyForBucket(bucketName: string) {
-//     return JSON.stringify({
+//     return {
 //         Version: "2012-10-17",
 //         Statement: [{
 //             Effect: "Allow",
@@ -281,7 +271,7 @@ const stream = new aws.kinesis.Stream("mystream", {
 //                 `arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly
 //             ]
 //         }]
-//     });
+//     };
 // }
 
 // SQS

aws-ts-stepfunctions/index.ts

@@ -4,66 +4,41 @@ import * as pulumi from "@pulumi/pulumi";
 const region = aws.config.requireRegion();
 
 const lambdaRole = new aws.iam.Role("lambdaRole", {
-    assumeRolePolicy: JSON.stringify({
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Action": "sts:AssumeRole",
-                "Principal": {
-                    "Service": "lambda.amazonaws.com",
-                },
-                "Effect": "Allow",
-                "Sid": "",
-            },
-        ],
-    })
+    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "lambda.amazonaws.com" }),
 });
 
 const lambdaRolePolicy = new aws.iam.RolePolicy("lambdaRolePolicy", {
     role: lambdaRole.id,
-    policy: JSON.stringify({
-        "Version": "2012-10-17",
-        "Statement": [{
-            "Effect": "Allow",
-            "Action": [
+    policy: {
+        Version: "2012-10-17",
+        Statement: [{
+            Effect: "Allow",
+            Action: [
                 "logs:CreateLogGroup",
                 "logs:CreateLogStream",
                 "logs:PutLogEvents"
             ],
-            "Resource": "arn:aws:logs:*:*:*"
-        }]
-    })
+            Resource: "arn:aws:logs:*:*:*",
+        }],
+    },
 });
 
 const sfnRole = new aws.iam.Role("sfnRole", {
-    assumeRolePolicy: JSON.stringify({
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "Service": `states.${region}.amazonaws.com`
-                },
-                "Action": "sts:AssumeRole"
-            }
-        ]
-    })
+    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: `states.${region}.amazonaws.com` }),
 });
 
 const sfnRolePolicy = new aws.iam.RolePolicy("sfnRolePolicy", {
     role: sfnRole.id,
-    policy: JSON.stringify({
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Action": [
-                    "lambda:InvokeFunction"
-                ],
-                "Resource": "*"
-            }
-        ]
-    })
+    policy: {
+        Version: "2012-10-17",
+        Statement: [{
+            Effect: "Allow",
+            Action: [
+                "lambda:InvokeFunction",
+            ],
+            Resource: "*",
+        }],
+    },
 });
 
 const helloFunction = new aws.serverless.Function(