Terraform managed_policy_arns issue with aws_iam_role
The below code removes the IAM policy eks-fargate-logging-policy. What is the right way to define AWS managed and customer managed policies together?
resource "aws_iam_policy" "eks-fargate-logging-policy" {
  name        = "eks-fargate-logging-policy"
  description = "Policy for fargate logs to cloudwatch"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "logs:CreateLogStream",
          "logs:CreateLogGroup",
          "logs:DescribeLogStreams",
          "logs:PutLogEvents"
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

resource "aws_iam_role" "fargate_pod_execution_role" {
  name               = "${var.eks_cluster_name}-eks-fargate-pod-execution-role"
  assume_role_policy = data.aws_iam_policy_document.fargate_assume_role.json
  # Here's the issue
  managed_policy_arns   = [aws_iam_policy.eks-fargate-logging-policy.arn, "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy"]
  force_detach_policies = true
}
I don't see this issue anymore. Looks like it works as expected.