[英]Terraform aws_iam_policy_document: Inappropriate value for attribute "resources": element 0: string required
我正在尝试使用此问题的答案生成的 output 来生成 IAM 策略的 arns 列表:
data "aws_iam_policy_document" "test" {
statement {
effect = "Allow"
actions = [ "s3:*" ]
resources = [
for arn in local.s3_folder_arns: [
arn
]
]
}
}
而且我不断收到这样的错误:
Error: Missing item separator
│
│ on lambda.tf line 111, in data "aws_iam_policy_document" "test":
│ 111: resources = [
│ 112: for arn in local.s3_folder_arns: [
│ 114: arn
│ 115: ]
│ 116: ]
│ ├────────────────
│ │ local.s3_folder_arns is list of string with 9 elements
│
│ Inappropriate value for attribute "resources": element 0: string required.
即使输出变量确认它看起来像我想要的:
Changes to Outputs:
+ s3_folder_arns = [
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User2/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User3/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User4/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User5/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client2/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client3/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner2/client1/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner3/client1/User1/output/*",
]
如果我将资源索引为arn[0] ,那行得通,但这不是我想要的。 我希望动态生成填充 IAM 策略的资源列表。
我究竟做错了什么?
结果我使用了一对额外的方括号。 改变
resources = [
for arn in local.s3_folder_arns: [
arn
]
]
到
resources = [
for arn in local.s3_folder_arns: arn
]
解决了这个问题。
参考Terraform中用for_each创建的几个aws_iam_policy_document数据源
[英]Reference several aws_iam_policy_document data sources created with for_each in Terraform
Terraform 错误:属性“requires_compatibilities”的值不合适:需要一组字符串
[英]Terraform ERROR: Inappropriate value for attribute "requires_compatibilities": set of string required
terraform 中 aws_iam_policy 资源中条件的语法
[英]Syntax for conditions in aws_iam_policy resources in terraform
如何确定使用 AWS Terraform 资源所需的 AWS IAM 策略权限?
[英]How to determine the AWS IAM policy permissions needed to use AWS Terraform Resources?
terraform managed_policy_arns 问题与 aws_iam_role
[英]terraform managed_policy_arns issue with aws_iam_role
Terraform 抛出为服务帐户设置 IAM 策略时出错...需要权限 iam.serviceAccounts.setIamPolicy
[英]Terraform throws Error setting IAM policy for service account ... Permission iam.serviceAccounts.setIamPolicy is required
AWS IAM 策略中要求的资源类型意味着什么
[英]What does it mean for a resource type to be required in an AWS IAM policy
terraform.network_interface_ids - 属性值不合适
[英]terraform network_interface_ids - Inappropriate value for attribute
Terraform AWS IAM 角色“inline_policy.0.policy”包含使用 ${file xyz} 和 jsonencode 的无效 JSON 策略
[英]Terraform AWS IAM Role “inline_policy.0.policy” contains an invalid JSON policy using ${file xyz} and jsonencode
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.