如何解决我在保单文件中的以下代码中收到的错误消息
How can I solve the error message I am receiving in my below code in my policy documents
我在 运行 terraform 应用时出现以下错误:
模板插值无效
var.oidc_condition_statement 是包含 2 个元素的字符串列表不能在字符串模板中包含给定值:需要字符串。
resource "aws_iam_role" "Orchestration_role"{
name = var.orchestration_role_name
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
},
"Condition":{
"ForAnyValue:StringLike":{
"token.actions.githubusercontent.com:sub": "${var.oidc_condition_statement}"
}
}
}
]
}
EOF
}
variable.tf
variable "oidc_condition_statement"{
type = list(string)
}
tfvars
oidc_condition_statement = ["repo:organization/terraform-aws-githubaction:ref:refs/heads/staging","repo:organization/terraform-aws-githubaction:pull_request"]
请使用jsonencode:
resource "aws_iam_role" "Orchestration_role"{
name = var.orchestration_role_name
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
},
"Condition":{
"ForAnyValue:StringLike":{
"token.actions.githubusercontent.com:sub": ${jsonencode(var.oidc_condition_statement)}
}
}
}
]
}
EOF
}
我在 运行 terraform 应用时出现以下错误: 模板插值无效 var.oidc_condition_statement 是包含 2 个元素的字符串列表不能在字符串模板中包含给定值:需要字符串。
resource "aws_iam_role" "Orchestration_role"{
name = var.orchestration_role_name
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
},
"Condition":{
"ForAnyValue:StringLike":{
"token.actions.githubusercontent.com:sub": "${var.oidc_condition_statement}"
}
}
}
]
}
EOF
}
variable.tf
variable "oidc_condition_statement"{
type = list(string)
}
tfvars
oidc_condition_statement = ["repo:organization/terraform-aws-githubaction:ref:refs/heads/staging","repo:organization/terraform-aws-githubaction:pull_request"]
请使用jsonencode:
resource "aws_iam_role" "Orchestration_role"{
name = var.orchestration_role_name
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
},
"Condition":{
"ForAnyValue:StringLike":{
"token.actions.githubusercontent.com:sub": ${jsonencode(var.oidc_condition_statement)}
}
}
}
]
}
EOF
}