amazon-web-services - 带有计数插值的 Terrafom 0.12.6 地图变量
问题描述
我正在尝试附加一个已创建为地图列表的策略 ARN 列表。请看下面:
variables.tf
:
variable "arns_map" { type = "map"
default = {
default = [
"default"
]
bakery = [
"arn:aws:iam::aws:policy/AmazonECS_FullAccess",
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/AmazonSNSFullAccess"
]
lambda = [
"arn:aws:iam::aws:policy/AWSLambdaFullAccess"
]
media-server = [
"arn:aws:iam::aws:policy/AmazonSQSFullAccess",
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess",
"arn:aws:iam::aws:policy/AmazonECS_FullAccess",
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
]
recognition = [
"arn:aws:iam::aws:policy/AmazonESFullAccess",
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/AmazonECS_FullAccess"
]
frontends = [
"arn:aws:iam::aws:policy/CloudFrontFullAccess"
]
elasticbeanstalk = [
"arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess"
]
docker = [
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"
]
media = [
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
"arn:aws:iam::aws:policy/AmazonSQSFullAccess",
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
] } }
我的资源是这些:
主文件
resource "aws_iam_role" "tenant_roles" {
count = length(var.role_names)
name = element(var.role_names, count.index)
description = "Dedicated role for tenants"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "${var.kops_nodes_role_arn}"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
tags = {
Managedby = "terraform"
}
}
resource "aws_iam_role_policy_attachment" "tenant_policies" {
count = length(values(var.arns_map))
role = join(",", keys(var.arns_map))
# policy_arn = element(var.role_names, count.index)
policy_arn = join(",", values(var.arns_map))
depends_on = [
aws_iam_role.tenant_roles,
]
}
我收到以下错误:
Error: Invalid function argument
on ../../_platform_modules/roles/main.tf line 38, in resource "aws_iam_role_policy_attachment" "tenant_policies":
38: policy_arn = join(",", values(var.arns_map))
|----------------
| var.arns_map is map of list of string with 9 elements
Invalid value for "lists" parameter: incorrect list element type: string
required.
Error: Invalid function argument
on ../../_platform_modules/roles/main.tf line 38, in resource "aws_iam_role_policy_attachment" "tenant_policies":
38: policy_arn = join(",", values(var.arns_map))
|----------------
| var.arns_map is map of list of string with 9 elements
Invalid value for "lists" parameter: incorrect list element type: string
required.
我正在使用 terraform 0.12.6 来管理 AWS 资源。
关于如何做到这一点的任何想法?
提前致谢
解决方案
这是因为需要从资源中得到aws_iam_role_policy_attachment
字符串化的 arn,如示例中所述,并且您正在尝试提供.aws_iam_policy
list(string)
我对 AWS IAM 的经验有限,我不确定role
参数,但看起来你想迭代地图。像这样:
resource "aws_iam_role_policy_attachment" "tenant_policies" {
count = length(keys(var.arns_map))
role = element(keys(var.arns_map), count.index)
policy_arn = join(",", var.arns_map[element(keys(var.arns_maps), count.index))]
}
您也可以使用局部变量:
locals {
arns_keys = keys(var.arns_map)
arns_values = [for k in keys(var.arns_map) : join(",", var.arns_map[k])]
}
resource "aws_iam_role_policy_attachment" "tenant_policies" {
count = length(local.arns_keys)
role = join(",", local.arns_keys)
policy_arn = element(local.arns_values, count.index)
}
推荐阅读
- python - Subtracting datetime UTC and datetime not UTC
- scala - 确保隐式定义始终具有较高/较低优先级的一般方法
- docker - 使用 docker run 而不是 docker-compose up 暴露的端口
- powershell - 如果 AD 描述有一定数量添加到指定组
- c++ - 没有标题栏的 WS_POPUP 和 WS_OVERLAPPED 有什么区别?
- powershell - Powershell循环遍历文件以作为参数传递给程序
- python - Jupyter 中的错误消息为“UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 3”
- c# - 从 ContextMenu 中的 MenuItem 访问 ListViewItem 信息
- python - 无法使用 d3.js 库呈现使用 Flask 检索到的 csv 文件
- java - 递归生成 GreyCode