gpt4 book ai didi

terraform - terraform 中 aws_iam_policy 资源中条件的语法

转载 作者:行者123 更新时间:2023-12-04 07:37:00 25 4
gpt4 key购买 nike

我目前正在尝试在 terraform 中实现一个 aws_iam_policy,如下所示:

resource "aws_iam_policy" "policyName" {
name = "policyName"
path = "/"

policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
NotAction = [
"iam:*"
]
Resource = "*"

Condition = {
test = "StringEquals"
variable = "s3:prefix"
values = [
"home/"
]
}
}
]
})
}
但是,当我尝试在我在团队中使用的环境中部署它时,我收到一条错误消息,指出这存在语法错误(日志仅指出起跑线,没有其他任何地方)。当我取出 Condition 块时,错误消失了,所以我知道这与条件有关。我检查了 terraform 文档,但他们没有 =在条件之后,但是当我删除 = 时我收到一条错误消息,提示 =是期待。有谁知道正确的语法/寻找有关此文档的正确位置(如前所述, https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document 上的文档对我不起作用)?

最佳答案

我会尝试 aws_iam_policy_document 数据块,如下例:

data "aws_iam_policy_document" "example" {

statement {

not_actions = [
"iam:*",
]

effect = "Allow"

resources = [
"*",
]

condition {
test = "StringEquals"
variable = "s3:prefix"
values = [
"home/"
]
}
}
}
然后添加一个 aws_iam_policy引用此数据源的资源:
resource "aws_iam_policy" "policyName" {
name = "policyName"
path = "/"
policy = data.aws_iam_policy_document.example.json
}
根据我的经验,这种模式在配置 IAM 策略时产生了最好的验证。

关于terraform - terraform 中 aws_iam_policy 资源中条件的语法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67690158/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com