Is aws_iam_policy_document's principal -> identifiers iteration possible?
Is it possible to iterate over principals -> identifiers in Data Source: aws_iam_policy_document?
Terraform version: v0.11.15
data "aws_iam_policy_document" "kms_cmk_policy_document" {
  statement {
    sid = "Allow access for Key Administrators"
    actions = [
      "kms:Create*",
      "kms:Describe*",
      "kms:Enable*",
      "kms:List*",
      "kms:Put*",
      "kms:Update*",
      "kms:Revoke*",
      "kms:Disable*",
      "kms:Get*",
      "kms:Delete*",
      "kms:TagResource",
      "kms:UntagResource",
      "kms:ScheduleKeyDeletion",
      "kms:CancelKeyDeletion",
    ]
    resources = ["*"]
    effect = "Allow"
    principals {
      type = "AWS"
      # NEED TO ITERATE WITH GIVEN "var.env_names" LIST
      identifiers = ["arn:aws:iam::accountName:role/${var.env_name}-role"]
    }
  }
}
Yes, you can iterate:
identifiers = [for env_name in var.env_name: "arn:aws:iam::accountName:role/${env_name}-role"]
For TF 0.11:
identifiers = "${formatlist("arn:aws:iam::accountName:role/%s-role", var.env_name)}"
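The for-expression form from the answer placed in a complete configuration, as an added example that is not part of the original answer. It assumes Terraform 0.14 or later (for `validation` and `alltrue`) and that the roles live in the calling account, so the page's `accountName` placeholder is replaced by `data.aws_caller_identity`; the names `env_names` and `key_admin_role_arns` are hypothetical.

```hcl
# Added example; variable/local names and the validation rule are assumptions.
variable "env_names" {
  type        = list(string)
  description = "Environments whose <env>-role may administer the key"

  validation {
    # Reject an empty list and anything that is not a plain role-name
    # fragment, so a stray "*" or "/" never lands inside a principal ARN.
    condition = length(var.env_names) > 0 && alltrue([
      for n in var.env_names : can(regex("^[A-Za-z0-9_-]+$", n))
    ])
    error_message = "Each env_names entry must match ^[A-Za-z0-9_-]+$ and the list must not be empty."
  }
}

# Assumption: the roles are in the same account that runs Terraform.
data "aws_caller_identity" "current" {}

locals {
  # One role ARN per environment, built with the answer's for-expression.
  key_admin_role_arns = [
    for env_name in var.env_names :
    "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${env_name}-role"
  ]
}

data "aws_iam_policy_document" "kms_cmk_policy_document" {
  statement {
    sid       = "Allow access for Key Administrators"
    effect    = "Allow"
    resources = ["*"]
    actions = [
      "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
      "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
      "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
    ]

    principals {
      type        = "AWS"
      identifiers = local.key_admin_role_arns
    }
  }
}
```

Every ARN in `identifiers` must name a role that already exists when the key policy is applied, so review the planned principal list before applying.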