amazon-web-services - AWS - Terraform - SCP - MalformedPolicyDocumentException
Problem description
resource "aws_organizations_policy" "tag_enforcement_eks" {
  name    = "tag_enforcement_eks"
  content = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Deny if org:bu absent",
      "Effect": "Deny",
      "Action": [
        "eks:CreateNodegroup",
        "eks:CreateCluster"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:RequestTag/org:bu": ${jsonencode(var.bu)}
        }
      }
    },
    {
      "Sid": "Deny if org:zone absent",
      "Effect": "Deny",
      "Action": [
        "eks:CreateNodegroup",
        "eks:CreateCluster"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:RequestTag/org:zone": ${jsonencode(var.zone)}
        }
      }
    },
    {
      "Sid": "Deny if org:team absent",
      "Effect": "Deny",
      "Action": [
        "eks:CreateNodegroup",
        "eks:CreateCluster"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:RequestTag/org:team": ${jsonencode(var.team)}
        }
      }
    },
    {
      "Sid": "Deny if org:cluster absent",
      "Effect": "Deny",
      "Action": [
        "eks:CreateNodegroup",
        "eks:CreateCluster"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "aws:RequestTag/org:cluster": ${jsonencode(var.cluster)}
        }
      }
    }
  ]
}
EOT
}
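MalformedPolicyDocumentException: The provided policy document does not meet the requirements of the specified policy type. I am creating a service control policy; the code looks correct to me and I cannot work out where the problem is. Can anyone help me?
Where is the mistake?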
Solution
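The following pre-flight check is an added example, not code from the original question or from any answer on this page. It applies rules from the IAM policy grammar to the rendered JSON before `terraform apply`: a `Sid` may contain only ASCII letters and digits and must be unique within the policy, and the `Sid` values in the question contain spaces and colons. The function names, the 5120-character limit constant, and the sample value `["platform"]` for `var.bu` are assumptions made for the illustration.

```python
import json
import re

SID_RE = re.compile(r"[A-Za-z0-9]+")  # IAM policy grammar: Sid is ASCII letters and digits
MAX_SCP_CHARS = 5120  # assumed Organizations quota for one SCP; check current quotas

def lint_scp(document: str) -> list[str]:
    """Return findings for a rendered SCP JSON document (empty list = none found)."""
    try:
        policy = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(policy, dict):
        return ["top level must be a JSON object"]
    findings = []
    if len(document) > MAX_SCP_CHARS:
        findings.append(f"document is {len(document)} characters, limit is {MAX_SCP_CHARS}")
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM grammar allows a single statement object
        statements = [statements]
    seen = set()
    for i, stmt in enumerate(statements):
        sid = stmt.get("Sid") if isinstance(stmt, dict) else None
        if sid is None:
            continue  # Sid is optional
        if not isinstance(sid, str) or not SID_RE.fullmatch(sid):
            findings.append(f"Statement[{i}]: Sid {sid!r} must match [A-Za-z0-9]+")
        elif sid in seen:
            findings.append(f"Statement[{i}]: duplicate Sid {sid!r}")
        else:
            seen.add(sid)
    return findings

def statement(sid: str) -> dict:
    # Constructed sample: first statement from the question, with var.bu = ["platform"]
    return {"Sid": sid, "Effect": "Deny",
            "Action": ["eks:CreateNodegroup", "eks:CreateCluster"], "Resource": "*",
            "Condition": {"StringNotLike": {"aws:RequestTag/org:bu": ["platform"]}}}

def render(*sids: str) -> str:
    # Stand-in for the JSON Terraform produces after interpolating the heredoc
    return json.dumps({"Version": "2012-10-17", "Statement": [statement(s) for s in sids]})

if __name__ == "__main__":
    for finding in lint_scp(render("Deny if org:bu absent", "DenyIfOrgBuAbsent")):
        print(finding)
```

Renaming each `Sid` to an alphanumeric form such as `DenyIfOrgBuAbsent` clears the finding this check reports for the policy in the question.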