
UPDATE: iam_policy_document: Error: InvalidParameter: Invalid parameter: Policy Error: null status code: 400, request id

So I am trying to migrate a non-modular Terraform setup into one made of modules. I am running into this error. I know this is not a Terraform-specific error, but Terraform is what I am using.

The overall structure of all the modules needed to achieve this is:

% ls
caller_identity     event_rule  event_target    iam_policy_document sns_topic_policy

In caller_identity:

ls
main.tf     output.tf   variable.tf

In event_rule:

main.tf     output.tf   variable.tf

In event_target:

main.tf     variable.tf   (I did not seem to need an output to be used somewhere else.)

In iam_policy_document:

ls
main.tf     output.tf   variable.tf


data "aws_iam_policy_document" "this" {
  # Default topic-owner statement: any principal may manage and use the topic,
  # but only when the calling account (AWS:SourceOwner) is var.account.
  statement {
    actions = [
      "SNS:GetTopicAttributes",
      "SNS:SetTopicAttributes",
      "SNS:AddPermission",
      "SNS:RemovePermission",
      "SNS:DeleteTopic",
      "SNS:Subscribe",
      "SNS:ListSubscriptionsByTopic",
      "SNS:Publish",
      "SNS:Receive"
    ]

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        var.account
      ]
    }

    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    resources = [
      var.arn
    ]

    sid = "__default_statement_ID"
  }

  # Let the CloudWatch Events (EventBridge) service publish to the topic.
  statement {
    actions = [
      "sns:Publish"
    ]

    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [
      var.arn
    ]

    sid = "TrustCWEToPublishEventsToMyTopic"
  }
}

In sns_topic_policy:

main.tf     output.tf   variable.tf

resource "aws_sns_topic_policy" "this" {
  arn    = var.arn
  policy = var.policy   # expects the rendered JSON document as a string
}

I started redoing all of these in the order posted, instead of testing as I go. When all is said and done there are 4 items Terraform needs to build; I know that for sure because the non-modular version is my base.

So everything seems to work until I get to aws_sns_topic_policy.

This is what I get if I knock out sns_topic:

        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: 

I hit "yes" and, after it completes, it gives the output stated below.

Now, as soon as I add the sns module, it goes off the rails somewhere.

My output:

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

caller_identity_out = 012345678910
cloudwatch_event_rule_out = Detect-Local-User-Creations
iam_policy_document_out = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Action": [
        "SNS:Subscribe",
        "SNS:SetTopicAttributes",
        "SNS:RemovePermission",
        "SNS:Receive",
        "SNS:Publish",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:AddPermission"
      ],
      "Resource": "arn:aws:sns:us-east-1:012345678910:tf-SnsTopic-EmailSNSTopic-9JJZS66CE1CW",
      "Principal": {
        "AWS": "*"
      },
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "012345678910"
        }
      }
    },
    {
      "Sid": "TrustCWEToPublishEventsToMyTopic",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:us-east-1:012345678910:tf-SnsTopic-EmailSNSTopic-9JJZS66CE1CW",
      "Principal": {
        "Service": "events.amazonaws.com"
      }
    }
  ]
}

From what I can see, I have no idea what it is referring to. The only way I got this error to go away was to use jsonencode. However, that is where the next error occurs:

iam_policy_document: Error: InvalidParameter: Invalid parameter: Policy Error: null status code: 400,

output.tf file:

output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this.json
}

Someone mentioned that jsonencode is not needed; if I take it out, this is what happens.

I receive the error when I change #policy = jsonencode("module.aws_iam_policy_document.iam_policy_document_out") to

policy = "module.aws_iam_policy_document.iam_policy_document_out"

Error:

dLocalUsers]
module.iam_policy_document.data.aws_iam_policy_document.this: Refreshing state...

Error: "policy" contains an invalid JSON: invalid character 'm' looking for beginning of value

  on ../../../modules/cloudwatch/sns_topic_policy/main.tf line 3, in resource "aws_sns_topic_policy" "this":
   3:    policy = var.policy

The latest thing is when I implemented the "alternative" from the answer. I receive this error but I don't see the problem. I don't understand what this error is. I have the output working and it is declared in sns_topic.. so either I am missing the obvious or I don't know...

Error: Reference to undeclared module

  on main.tf line 43, in module "sns_topic_policy":
  43:   policy = module.aws_iam_policy_document.iam_policy_document_out.json

No module call named "aws_iam_policy_document" is declared in the root module.

Your iam_policy_document_out is already in JSON form:

value = data.aws_iam_policy_document.this.json

So, in the module, the following should be used:

module "sns_topic_policy" {
  source = "./sns_topic_policy/"
  arn    = module.SnsTopic.arn
  policy = module.aws_iam_policy_document.iam_policy_document_out
}

There may still be other issues that are not apparent until you deploy the code.

Alternative:

output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this
}
module "sns_topic_policy" {
  source = "./sns_topic_policy/"
  arn    = module.SnsTopic.arn
  policy = module.aws_iam_policy_document.iam_policy_document_out.json
}
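The wiring below is an added example, not code from the question or the answer. It puts the answer's two fixes together with the one detail the question's error output settles: the refresh line `module.iam_policy_document.data.aws_iam_policy_document.this` shows that the root module's call is named `iam_policy_document`, so `module.aws_iam_policy_document.<output>` is a reference to an undeclared module regardless of which output shape is used. The module call names, the `../../../modules/cloudwatch/...` source paths and the `module.SnsTopic.arn` reference are assumptions taken from the paths and identifiers visible on the page; `module.caller_identity.caller_identity_out` is assumed to expose the account ID shown in the outputs. The `validation` block on the module variable is an addition that rejects both broken forms tried in the question at plan time, before the SNS API ever sees them.

```hcl
# ---- root module: main.tf (added example; module call names are assumptions) ----

module "caller_identity" {
  source = "../../../modules/cloudwatch/caller_identity"
}

module "iam_policy_document" {
  source  = "../../../modules/cloudwatch/iam_policy_document"
  account = module.caller_identity.caller_identity_out # assumed output name
  arn     = module.SnsTopic.arn                         # topic module assumed, as in the answer
}

module "sns_topic_policy" {
  source = "../../../modules/cloudwatch/sns_topic_policy"
  arn    = module.SnsTopic.arn

  # Pass the rendered document through unchanged. The forms tried on the page
  # fail for different reasons:
  #   jsonencode("module.iam_policy_document.iam_policy_document_out")
  #     -> SNS receives the JSON *string* "module.…", not a policy object:
  #        InvalidParameter: Policy Error: null (HTTP 400)
  #   "module.iam_policy_document.iam_policy_document_out"
  #     -> the literal text module.… is not JSON at all:
  #        invalid character 'm' looking for beginning of value
  #   module.aws_iam_policy_document.iam_policy_document_out.json
  #     -> Reference to undeclared module: the call is named iam_policy_document
  policy = module.iam_policy_document.iam_policy_document_out
}

# ---- modules/cloudwatch/iam_policy_document/output.tf ----
# With the output set to the .json attribute (as in the question), the root
# module passes it on without any further .json or jsonencode().
output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this.json
}

# ---- modules/cloudwatch/sns_topic_policy/variable.tf (added validation) ----

variable "arn" {
  type        = string
  description = "ARN of the SNS topic the policy is attached to."
}

variable "policy" {
  type        = string
  description = "Rendered JSON policy document (the .json attribute of an aws_iam_policy_document)."

  # A jsonencode()d expression decodes to a plain string, which cannot be
  # indexed, and a bare "module.…" literal does not decode at all, so can()
  # is false for both and terraform plan stops with the message below.
  validation {
    condition     = can(jsondecode(var.policy)["Statement"])
    error_message = "The policy must be a JSON object with a Statement key; pass the document's .json attribute, not a quoted or jsonencode()d expression."
  }
}

# ---- modules/cloudwatch/sns_topic_policy/main.tf (unchanged from the question) ----

resource "aws_sns_topic_policy" "this" {
  arn    = var.arn
  policy = var.policy
}
```

If the module output is switched to the whole data source (the answer's "Alternative"), the root reference becomes `module.iam_policy_document.iam_policy_document_out.json`; the validation above still applies because the module still receives a string. One caveat the page does not raise: the `TrustCWEToPublishEventsToMyTopic` statement grants `sns:Publish` to the `events.amazonaws.com` service principal with no condition, so any EventBridge rule that the service acts on behalf of can publish to this topic; AWS's standard guidance for service principals is to add an `aws:SourceArn` (the `Detect-Local-User-Creations` rule's ARN) or `aws:SourceAccount` condition to that statement.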


Notice: the technical posts on this site follow the CC BY-SA 4.0 license; if you need to repost, please cite this site's URL or the original address. For any questions contact yoyou2525@163.com.

 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM