Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException
Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException
我正在尝试添加一个 aws_config_config_rule 资源和一组 input_parameters,但我不断收到
Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException: Unknown parameters provided in the inputParameters: {"targetBucket":"mybucket"}.
# Enables access logging for the CloudTrail S3 bucket
resource aws_config_config_rule cloudtrail-s3-bucket-logging-enabled {
name = "cloudtrail-s3-bucket-logging-enabled"
description = "Checks whether logging is enabled for your S3 buckets."
source {
owner = "AWS"
source_identifier = "S3_BUCKET_LOGGING_ENABLED"
}
scope {
compliance_resource_id = aws_s3_bucket.mybucket.arn
compliance_resource_types = ["AWS::S3::Bucket"]
}
input_parameters = jsonencode({"targetBucket":"${aws_s3_bucket.mybucket.id}"})
}
我想我可以使用 jsonencode 函数 https://www.terraform.io/docs/configuration/functions/jsonencode.html. I came across a github issue: https://github.com/hashicorp/terraform/issues/14074,但它与我遇到的不同。任何帮助将不胜感激。
我为此规则使用了错误的输入参数。这有效
# Ensures that the S3 bucket used by CloudTrail is not publicly accessible
resource aws_config_config_rule cloudtrail-s3-bucket-not-publicy-accessible {
name = "cloudtrail-s3-bucket-not-publicy-accessible"
description = "Checks whether the required public access block settings are configured from account level. The rule is only NON_COMPLIANT when the fields set below do not match the corresponding fields in the configuration item."
source {
owner = "AWS"
source_identifier = "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS"
}
scope {
compliance_resource_id = aws_s3_bucket.mybucket.id
compliance_resource_types = ["AWS::S3::Bucket"]
}
input_parameters = "{\"IgnorePublicAcls\":\"True\",\"BlockPublicPolicy\":\"True\",\"BlockPublicAcls\":\"True\",\"RestrictPublicBuckets\":\"True\"}"
}
我正在尝试添加一个 aws_config_config_rule 资源和一组 input_parameters,但我不断收到
Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException: Unknown parameters provided in the inputParameters: {"targetBucket":"mybucket"}.
# Enables access logging for the CloudTrail S3 bucket
resource aws_config_config_rule cloudtrail-s3-bucket-logging-enabled {
name = "cloudtrail-s3-bucket-logging-enabled"
description = "Checks whether logging is enabled for your S3 buckets."
source {
owner = "AWS"
source_identifier = "S3_BUCKET_LOGGING_ENABLED"
}
scope {
compliance_resource_id = aws_s3_bucket.mybucket.arn
compliance_resource_types = ["AWS::S3::Bucket"]
}
input_parameters = jsonencode({"targetBucket":"${aws_s3_bucket.mybucket.id}"})
}
我想我可以使用 jsonencode 函数 https://www.terraform.io/docs/configuration/functions/jsonencode.html. I came across a github issue: https://github.com/hashicorp/terraform/issues/14074,但它与我遇到的不同。任何帮助将不胜感激。
我为此规则使用了错误的输入参数。这有效
# Ensures that the S3 bucket used by CloudTrail is not publicly accessible
resource aws_config_config_rule cloudtrail-s3-bucket-not-publicy-accessible {
name = "cloudtrail-s3-bucket-not-publicy-accessible"
description = "Checks whether the required public access block settings are configured from account level. The rule is only NON_COMPLIANT when the fields set below do not match the corresponding fields in the configuration item."
source {
owner = "AWS"
source_identifier = "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS"
}
scope {
compliance_resource_id = aws_s3_bucket.mybucket.id
compliance_resource_types = ["AWS::S3::Bucket"]
}
input_parameters = "{\"IgnorePublicAcls\":\"True\",\"BlockPublicPolicy\":\"True\",\"BlockPublicAcls\":\"True\",\"RestrictPublicBuckets\":\"True\"}"
}