创建内联策略以通过 terraform 附加 IAM 用户
[英]Create Inline policy to attach with IAM user via terraform
问题描述
我正在尝试创建一个内联策略以附加到我的 terraform 模块中的多个 IAM 用户。
这是我的 main.tf
locals {
name_prefix = var.environment
}
resource "aws_iam_user" "npdata" {
count = length(var.username)
name = element(var.username,count.index )
tags = merge({
Name = element(var.username,count.index )
},
var.default_tags,
)
}
resource "aws_iam_user_policy" "lb_ro" {
name = "test"
user = element(aws_iam_user.npdata.*.name,count.index)
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
actions = [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObjectVersion"
]
Effect = "Allow"
resources = [
var.dev_arn,
var.prd_arn
]
},
]
})
}
但 terraform 计划出错
Error: Reference to "count" in non-counted context
on modules/iam-user/main.tf line 18, in resource "aws_iam_user_policy" "lb_ro":
18: user = element(aws_iam_user.npdata.*.name,count.index)
The "count" object can only be used in "module", "resource", and "data"
blocks, and only when the "count" argument is set.
我如何使用 count 为资源aws_iam_user_policy提供 IAM 用户列表
1 个解决方案
解决方案1
3 2021-02-17 19:07:31
您正在尝试在此处使用count.index变量:
user = element(aws_iam_user.npdata.*.name,count.index)
但是您还没有为aws_iam_user_policy资源声明count ,因此该变量不存在。
此外,您不能将单个内联策略分配给多个用户,因此您必须创建多个内联策略资源。 因此,您需要将count = length(var.username)添加到aws_iam_user_policy资源。
terraform:有没有办法动态创建 iam 策略语句?
[英]terraform: is there a way to create iam policy statements dynamically?
AWS:如何将策略附加到 IAM 用户,授予他创建已验证身份而不访问根身份的权限?
[英]AWS: How to attach a policy to an IAM user that grants him the privilege to create a verified identity and not access root identities?
如何使用 Terraform 创建没有代入角色策略的 AWS IAM 角色?
[英]How To Use Terraform To Create an AWS IAM Role with No Assume Role Policy?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.