While creating a cross-account role using Terraform, getting error: Error: Error asking for user input: Cannot parse value for variable policy_arns
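I am trying to create a cross-account role using Terraform, and while taking policy names as input I get the error: Error: Error asking for user input: Cannot parse value for variable policy_arns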

# Trust policy: which principals may call sts:AssumeRole on this role.
data "aws_iam_policy_document" "cross_account" {
  statement {
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["${var.principal_arns}"]
    }

    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "cross_account_role" {
  name = "${var.name}"

  # Reference must match the data source name declared above ("cross_account").
  assume_role_policy = "${data.aws_iam_policy_document.cross_account.json}"
}

# One attachment per policy ARN in var.policy_arns.
resource "aws_iam_role_policy_attachment" "cross_account_role" {
  count      = "${length(var.policy_arns)}"
  role       = "${aws_iam_role.cross_account_role.name}"
  policy_arn = "${element(var.policy_arns, count.index)}"
}

variable "name" {
  type        = "string"
  description = "Name of the role being created."
}

variable "principal_arns" {
  type        = "list"
  description = "ARNs of accounts, groups, or users with the ability to assume this role."
}

variable "policy_arns" {
  type        = "list"
  description = "List of ARNs of policies to be associated with the created IAM role"
}

Variables passed via the -var foo=bar command-line flag or as the environment variable TF_VAR_foo=bar can only be literal strings:
Variables specified via the -var command line flag will be literal strings "true" and "false", so care should be taken to explicitly use "0" or "1".
Variables specified with the TF_VAR_ environment variables will be literal string values, just like -var.
If you want to be able to use a list variable, then you need to define it ahead of time in a terraform.tfvars file or other vars file, or you could use the split() function to take a single string and turn it into a list:

variable "string_list" {
  type = "string"
}

locals {
  list_list = "${split(",", var.string_list)}"
}

output "list_list" {
  value = ["${local.list_list}"]
}
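
The split() approach from the answer applied to the role in the question, as an added example that is not part of the original post. It keeps the question's Terraform 0.11 syntax; the variable names principal_arns_csv and policy_arns_csv are hypothetical, introduced here so both lists can be passed as plain strings.

```hcl
# Added example (not from the original post). Terraform 0.11 syntax.
# principal_arns_csv / policy_arns_csv are hypothetical variable names.
variable "name" {
  type        = "string"
  description = "Name of the role being created."
}

variable "principal_arns_csv" {
  type        = "string"
  description = "Comma-separated ARNs allowed to assume this role."
}

variable "policy_arns_csv" {
  type        = "string"
  description = "Comma-separated ARNs of policies to attach to the role."
}

locals {
  # Strip spaces, split on commas, then drop empty elements left by a
  # trailing comma so count never creates an attachment with an empty ARN.
  principal_arns = "${compact(split(",", replace(var.principal_arns_csv, " ", "")))}"
  policy_arns    = "${compact(split(",", replace(var.policy_arns_csv, " ", "")))}"
}

# Trust policy: only the listed principals may call sts:AssumeRole.
data "aws_iam_policy_document" "cross_account" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["${local.principal_arns}"]
    }
  }
}

resource "aws_iam_role" "cross_account_role" {
  name               = "${var.name}"
  assume_role_policy = "${data.aws_iam_policy_document.cross_account.json}"
}

resource "aws_iam_role_policy_attachment" "cross_account_role" {
  count      = "${length(local.policy_arns)}"
  role       = "${aws_iam_role.cross_account_role.name}"
  policy_arn = "${element(local.policy_arns, count.index)}"
}
```

With this layout each list is passed as one string, for example `-var 'policy_arns_csv=arn:aws:iam::aws:policy/ReadOnlyAccess'` together with `-var 'principal_arns_csv=arn:aws:iam::111111111111:root'` (the account ID is a constructed sample value). Because the principal list becomes the role's trust policy, review the string supplied for it as carefully as you would a hard-coded ARN list.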