I am creating access_policies as an inline policy in Terraform:
Is it possible to use a single var of list type instead? If so, could you give an example?
The exception I get is:
Error: Error running plan: 1 error(s) occurred:
* aws_elasticsearch_domain.db: 1 error(s) occurred:
* aws_elasticsearch_domain.db: At column 1, line 1: output of an HIL expression must be a string, or a single list (argument 6 is TypeList) in:
Answer 0 (score: 1)
I used to describe the policy another way:
iam.tf:
resource "aws_iam_policy" "example" {
  name   = "example_policy"
  path   = "/"
  # JSON rendered from the policy document data source below
  policy = "${data.aws_iam_policy_document.example.json}"
}

data "aws_iam_policy_document" "example" {
  statement {
    actions   = ["*"]
    resources = ["*"]

    condition {
      test     = "NotIpAddress"
      variable = "aws:SourceIp"
      # CIDR list supplied by the list variable in variables.tf
      values   = "${var.ips}"
    }
  }
}
variables.tf:
variable "ips" {
  default = [
    "192.0.2.0/24",
    "203.0.113.0/24"
  ]
}
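
For the question's case, a list variable can feed the Elasticsearch domain's access policy through an `aws_iam_policy_document` data source. This is an added example, not code from the question or the answer; it assumes Terraform 0.12 or later, and the data source name `es_access`, the domain name `example-domain` and the `es:ESHttp*` action scope are illustrative choices.

```hcl
# Added example: names marked "assumed" do not come from the original post.
variable "ips" {
  type    = list(string)
  default = ["192.0.2.0/24", "203.0.113.0/24"] # same documentation ranges as the answer
}

# Stand-in for the asker's domain; "example-domain" is a constructed name.
resource "aws_elasticsearch_domain" "db" {
  domain_name = "example-domain"
}

# Build the access policy as a document so the CIDR list is passed as a list
# instead of being interpolated into a hand-written JSON string.
data "aws_iam_policy_document" "es_access" { # assumed name
  statement {
    effect    = "Allow"
    actions   = ["es:ESHttp*"]
    resources = ["${aws_elasticsearch_domain.db.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    # Only requests from the listed CIDR ranges match this Allow statement.
    condition {
      test     = "IpAddress"
      variable = "aws:SourceIp"
      values   = var.ips
    }
  }
}

# Attaching the policy through a separate resource avoids a dependency cycle
# between the domain and a policy that references the domain's ARN.
resource "aws_elasticsearch_domain_policy" "db" {
  domain_name     = aws_elasticsearch_domain.db.domain_name
  access_policies = data.aws_iam_policy_document.es_access.json
}
```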