terraform - 无法创建 AWSConfig 规则：InvalidParameterValueException：空格不能用于输入参数：阈值

问题描述

我正在尝试创建一个 aws 配置规则来检查 cloudtrail 警报是否已启用。Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException: Blank spaces are not acceptable for input parameter: threshold.运行时出现以下错误terraform apply。我不确定输入参数参数中的格式问题是什么（请参阅 参考资料input_parameters）。如果我删除除metricNameie之外的所有内容，则应用有效

input_parameters = "{\"metricName\":\"CloudTrailConfigChanges\"}"

任何帮助将不胜感激。

resource aws_config_config_rule ensure-log-alarm-exists-for-cloudtrail {
  name = "ensure-log-alarm-exists-for-cloudtrail"
  description = "Checks whether cloudwatch alarm is on for cloudtrail configuration changes"

  source {
    owner = "AWS"
    source_identifier = "CLOUDWATCH_ALARM_SETTINGS_CHECK"
  }
  
  input_parameters = "{\"metricName\":\"CloudTrailConfigChanges\",\"threshold\":1,\"evaluationPeriod\":1,\"period\":300,\"comparisionOperator\":\"GreaterThanOrEqualToThreshold\",\"statistic\":\"Sum\"}"
}

从 json 字符串解析类型 ints 似乎存在问题：https ://github.com/hashicorp/terraform-provider-aws/issues/773#issuecomment-385454229

即使使用我也会遇到同样的错误

  input_parameters =<<EOF
{
  "metricName":"CloudTrailConfigChanges",
  "threshold":1
}
EOF

或者

input_parameters = jsonencode({"metricName":"CloudTrailConfigChanges","threshold"=1})

转换用引号括起来的 int 值也不起作用。

resource "aws_config_config_rule" "ensure-log-alarm-exists-for-cloudtrail" {
  name        = "ensure-log-alarm-exists-for-cloudtrail"
  description = "Checks whether cloudwatch alarm is on for cloudtrail configuration changes"

  source {
    owner             = "AWS"
    source_identifier = "CLOUDWATCH_ALARM_SETTINGS_CHECK"
  }

  input_parameters = jsonencode({
    metricName = "CloudTrailConfigChanges"
    threshold  = "1"
  })
}

上面的代码产生以下错误：

Unknown parameters provided in the inputParameters:

标签： terraformaws-config