From 87126d560abb3b4e24200942d88d1e8e2f27eac8 Mon Sep 17 00:00:00 2001
From: Frank <frank@sst.dev>
Date: Sat, 12 Oct 2024 13:18:16 -0400
Subject: [PATCH] component: iamEdit helper function

---
 examples/aws-bucket-policy/sst.config.ts |  5 ++---
 platform/src/components/aws/iam-edit.ts  | 22 ++++++++++++++++++++++
 platform/src/components/aws/index.ts     |  1 +
 3 files changed, 25 insertions(+), 3 deletions(-)
 create mode 100644 platform/src/components/aws/iam-edit.ts

diff --git a/examples/aws-bucket-policy/sst.config.ts b/examples/aws-bucket-policy/sst.config.ts
index e68c008ea..85140112f 100644
--- a/examples/aws-bucket-policy/sst.config.ts
+++ b/examples/aws-bucket-policy/sst.config.ts
@@ -17,16 +17,15 @@ export default $config({
     const bucket = new sst.aws.Bucket("MyBucket", {
       transform: {
         policy: (args) => {
-          // use $jsonParse and $jsonStringify helper functions to manipulate JSON strings
+          // use sst.aws.iamEdit helper function to manipulate IAM policy
           // containing Output values from components
-          args.policy = $jsonParse(args.policy).apply((policy) => {
+          args.policy = sst.aws.iamEdit(args.policy, (policy) => {
             policy.Statement.push({
               Effect: "Allow",
               Principal: { Service: "ses.amazonaws.com" },
               Action: "s3:PutObject",
               Resource: $interpolate`arn:aws:s3:::${args.bucket}/*`,
             });
-            return $jsonStringify(policy);
           });
         },
       },
diff --git a/platform/src/components/aws/iam-edit.ts b/platform/src/components/aws/iam-edit.ts
new file mode 100644
index 000000000..ea261aa86
--- /dev/null
+++ b/platform/src/components/aws/iam-edit.ts
@@ -0,0 +1,22 @@
+import { Input, jsonStringify, output, UnwrappedObject } from "@pulumi/pulumi";
+import { iam } from "@pulumi/aws";
+import { Prettify } from "../component";
+
+type PartialUnwrappedPolicyDocument = {
+  Id?: string;
+  Version: "2008-10-17" | "2012-10-17";
+  Statement: Input<iam.PolicyStatement>[];
+};
+
+export function iamEdit(
+  policy: Input<iam.PolicyDocument | string>,
+  cb: (doc: Prettify<PartialUnwrappedPolicyDocument>) => void,
+) {
+  return output(policy).apply((v) => {
+    const json = typeof v === "string" ? JSON.parse(v) : v;
+    cb(json);
+    return iam.getPolicyDocumentOutput({
+      sourcePolicyDocuments: [jsonStringify(json)],
+    }).json;
+  });
+}
diff --git a/platform/src/components/aws/index.ts b/platform/src/components/aws/index.ts
index af5de062a..660865828 100644
--- a/platform/src/components/aws/index.ts
+++ b/platform/src/components/aws/index.ts
@@ -34,6 +34,7 @@ export * from "./vpc.js";
 export * from "./react.js";
 export { linkable } from "./linkable.js";
 export { permission } from "./permission.js";
+export { iamEdit } from "./iam-edit.js";
 
 // internal components
 export * from "./cdn.js";