Terraform 如何在模块调用中插入数据资源名称
Terraform How To Interpolate Name Of Data Resource In Module Call
我的目标是使用 for_each 调用策略模块,以便为每个策略名称输入选择正确的 policy_document。有没有办法做到这一点?输入是带有键 example-service
的映射的示例
data "aws_iam_policy_document" "policy-example-service" {
statement {
sid = "AllowListBuckets"
actions = ["s3:ListAllMyBuckets"]
resources = ["*"]
}
}
module "policy_example" {
source = "../modules/aws-iam-policy"
for_each = var.example_policies_mapped_to_roles
name = "example-${each.key}"
path = "/"
policy = "${data.aws_iam_policy_document.policy-${each.key}.json}" //so here "policy-example-service" would be filled in
}
这将允许我用许多不同的 policy_document 定义一个模块调用。
遗憾的是你不能这样做。 TF不支持动态引用data.aws_iam_policy_document.policy-${each.key}.json
.
形式的资源
解决这个问题的方法是在 aws_iam_policy_document.policy-example-service
中使用 for_each
data "aws_iam_policy_document" "policy-example-service" {
for_each = var.example_policies_mapped_to_roles
# all this must be parameterized based on `each.key` values
# for example with dynamic blocks
statement {
sid = "AllowListBuckets"
actions = ["s3:ListAllMyBuckets"]
resources = ["*"]
}
}
那么,你可以这样做:
policy = data.aws_iam_policy_document.policy[each.key].json
另一种方法是将您的 IAM 策略保存在 json 文件中,然后根据需要加载文件。
我的目标是使用 for_each 调用策略模块,以便为每个策略名称输入选择正确的 policy_document。有没有办法做到这一点?输入是带有键 example-service
data "aws_iam_policy_document" "policy-example-service" {
statement {
sid = "AllowListBuckets"
actions = ["s3:ListAllMyBuckets"]
resources = ["*"]
}
}
module "policy_example" {
source = "../modules/aws-iam-policy"
for_each = var.example_policies_mapped_to_roles
name = "example-${each.key}"
path = "/"
policy = "${data.aws_iam_policy_document.policy-${each.key}.json}" //so here "policy-example-service" would be filled in
}
这将允许我用许多不同的 policy_document 定义一个模块调用。
遗憾的是你不能这样做。 TF不支持动态引用data.aws_iam_policy_document.policy-${each.key}.json
.
解决这个问题的方法是在 aws_iam_policy_document.policy-example-service
for_each
data "aws_iam_policy_document" "policy-example-service" {
for_each = var.example_policies_mapped_to_roles
# all this must be parameterized based on `each.key` values
# for example with dynamic blocks
statement {
sid = "AllowListBuckets"
actions = ["s3:ListAllMyBuckets"]
resources = ["*"]
}
}
那么,你可以这样做:
policy = data.aws_iam_policy_document.policy[each.key].json
另一种方法是将您的 IAM 策略保存在 json 文件中,然后根据需要加载文件。