amazon-iam - Terraform:将 aws_iam_role_policy 关联到 aws_iam_role

标签 amazon-iam terraform

我正在尝试使用 Terraform 变量将 aws_iam_role_policy 附加到 aws_iam_role:${aws_iam_role.AutoTagMasterRole.id}

我正在使用在以下位置找到的 TF 文档:iam_role_policy.html

Terraform 错误消息:

aws_iam_role_policy.AutoTagMasterPolicy: Resource 'aws_iam_role.AutoTagMasterRole' not found for variable 'aws_iam_role.AutoTagMasterRole.arn'

这是我的 Terraform 配置:

  resource "aws_iam_role_policy" "AutoTagMasterPolicy" {
    name  = "AutoTagMasterPolicy"
    role = "${aws_iam_role.AutoTagMasterRole.id}"


    policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetBucketTagging",
          "s3:PutBucketTagging",
          "ec2:CreateTags",
          "elasticloadbalancing:AddTags",
          "autoscaling:CreateOrUpdateTags",
          "rds:AddTagsToResource",
          "elasticmapreduce:AddTags",
          "datapipeline:AddTags"
        ],
        "Resource": [
          "*"
        ]
      }
    ]
  }
  EOF
  }



  resource "aws_iam_role" "AutoTagMasterRole" {
    name = "AutoTagMasterRole"
    path = "/gorillastack/autotag/master/"

    assume_role_policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "AWS": { "${aws_iam_role.AutoTagExecutionRole.arn}" }
        },
        "Action": [
          "sts:AssumeRole"
        ]
      }
    ]
  }
  EOF
  }

谁能告诉我我做错了什么?

更新 有人告诉我这与我尝试将 cloudformation 函数移植到它在 terraform 中的等效函数有关。

这是 cloudformation 列出的内容:

   "Principal": {
            "AWS" : { "Fn::GetAtt" : [ "AutoTagExecutionRole", "Arn" ] }
          },

我正在尝试在 terraform 中找到等效项。这是我使用的,但它抛出了错误。

   "Principal": {
    "AWS": { "${aws_iam_role.AutoTagExecutionRole.arn}" }
  }

最佳答案

aws_iam_role 中Principal 的定义有误

这是给你的示例。

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

所以你的代码应该改成

resource "aws_iam_role" "AutoTagMasterRole" {
  name = "AutoTagMasterRole"
  path = "/gorillastack/autotag/master/"

  assume_role_policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Service": "ec2.amazonaws.com"
        },
        "Action": [
          "sts:AssumeRole"
        ]
      }
    ]
  }
  EOF
}

引用:terraform aws_iam_role

关于amazon-iam - Terraform:将 aws_iam_role_policy 关联到 aws_iam_role,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44711972/

上一篇:ms-office - Word 加载项 - 如何读取自定义文档属性

下一篇:c - 从数据类型推导出格式说明符?

相关文章:

json - 有没有办法将 terraform-aws-provider-resource 包含在容器定义 JSON 文档中?

amazon-web-services - 将 jenkins 与 bitbucket 集成到 Terraform 上

amazon-web-services - 使用 cloudformation 更新 S3 存储桶的 IAM 策略

amazon-web-services - AWS Fargate 部署 : "Invalid action configuration The AWS ECS container ***** does not exist"

amazon-web-services - 如何在 CloudFormation 脚本中将 AmazonEC2RoleforSSM 附加到 ec2 实例

amazon-web-services - 连接到 AWS Transfer for SFTP

azure - 获取 terraform 中可能的出站 IP 地址列表

terraform - 缺少配置版本 Terraform Cloud

node.js - 用户 : is not authorized to perform: cloudformation:DescribeStacks

amazon-web-services - 如何通过 IAM 共享具有 MFA 保护的 Amazon S3 内容?

©2024 IT工具网  联系我们