terraform - Terraform 0.12 仅在条件适用时包含语句

问题描述

我试图通过添加一些语句来创建 aws_iam_policy_document 但它失败了，因为当我第一次调用它时，“arn:aws:iam::${var.account_number}:role/audit_${var.deployment_identifier”角色不存在过程：

data "aws_iam_policy_document" "kms_policy" {
  statement {
    sid = "Enable root access to kms key"

    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["${var.root_role}"]
    }

    actions = [
      "kms:Create*",
      "kms:Describe*"
    ]

    resources = ["*"]
  }

  statement {
    sid = "Allow encryption access for specific roles"

    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = "["arn:aws:iam::${var.account_number}:role/audit_${var.deployment_identifier}"]"
    }

    actions = [
      "kms:Encrypt"
    ]

    resources = ["*"]
  }
}

问题是，我需要最后的声明，因为它需要更进一步。

首次运行此流程时如何检查角色是否存在，如果不存在则不能添加语句？

标签： terraformamazon-iam

terraform - Terraform 0.12 仅在条件适用时包含语句

问题描述

解决方案

推荐阅读