通过 terraform 创建策略时出现 MalformedPolicyDocument 错误
MalformedPolicyDocument error when creating policy via terraform
我在 运行 terraform 时收到以下错误:
* aws_iam_role_policy.rds_policy: Error putting IAM role policy my-rds-policy: MalformedPolicyDocument: The policy failed legacy parsing
这是我对资源的定义:
resource "aws_iam_role_policy" "rds_policy" {
name = "my-rds-policy"
role = "${aws_iam_role.rds_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObjectMetaData",
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::my-bucket/backups/*"
]
}
]
}
EOF
}
JSON 策略文档格式正确,我看不到任何明显的内容。
您需要确保在 EOF 的开头没有任何缩进 heredoc 因为您的 JSON 策略不应以缩进的大括号开头。
所以你应该可以接受这个小改动:
resource "aws_iam_role_policy" "rds_policy" {
name = "my-rds-policy"
role = "${aws_iam_role.rds_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObjectMetaData",
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::my-bucket/backups/*"
]
}
]
}
EOF
}
或者将 <<EOF 更改为 <<-EOF 以允许缩进。
然后它将删除与应用时缩进最少的行匹配的缩进数。
我在 运行 terraform 时收到以下错误:
* aws_iam_role_policy.rds_policy: Error putting IAM role policy my-rds-policy: MalformedPolicyDocument: The policy failed legacy parsing
这是我对资源的定义:
resource "aws_iam_role_policy" "rds_policy" {
name = "my-rds-policy"
role = "${aws_iam_role.rds_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObjectMetaData",
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::my-bucket/backups/*"
]
}
]
}
EOF
}
JSON 策略文档格式正确,我看不到任何明显的内容。
您需要确保在 EOF 的开头没有任何缩进 heredoc 因为您的 JSON 策略不应以缩进的大括号开头。
所以你应该可以接受这个小改动:
resource "aws_iam_role_policy" "rds_policy" {
name = "my-rds-policy"
role = "${aws_iam_role.rds_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObjectMetaData",
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::my-bucket/backups/*"
]
}
]
}
EOF
}
或者将 <<EOF 更改为 <<-EOF 以允许缩进。
然后它将删除与应用时缩进最少的行匹配的缩进数。