Terraform validate fails on a JSON policy

Time: 2020-05-24 16:23:19

Tags: json validation terraform

I am trying to create an S3 bucket with a terraform file that carries a custom JSON policy. I cannot find anything wrong with the JSON format. Terraform validate fails with

"Error: "policy" contains an invalid JSON: invalid character 's' looking for beginning of value" on line

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Explicit deny",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999",
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999/*"
                ],
                "Condition": {
                    "StringNotLike": {
                        "aws:userId": [
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "999999999999"
                        ]
                    }
                }
            },
            {
                "Sid": "Policy Modification",
                "Effect": "Deny",
                "Principal": "*",
                "Action": [
                    "s3:cUSTOMpoLICY",
                    "s3:cUSTOMpoLICY"
                ],
                "Resource": [
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999",
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999/*"
                ],
                "Condition": {
                    "StringNotLike": {
                        "aws:userId": [
                            "XXXXXXXXXXXXXXXXXXXXX:*",
                            "999999999999"
                        ]
                    }
                }
            }
        ]
    }

I was able to validate it on JSONLINT.com, so this is not a JSON formatting problem but something to do with how Terraform handles the JSON.

1 answer:

Answer 0 (score: 1)

This is not an actual solution, but I was able to get the policy working when I moved the JSON policy content into the terraform file by specifying it as follows:
    policy = <<POLICY
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Explicit deny",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999",
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999/*"
                ],
                "Condition": {
                    "StringNotLike": {
                        "aws:userId": [
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "XXXX9999XXXXXXXXXXXXX:*",
                            "999999999999"
                        ]
                    }
                }
            },
            {
                "Sid": "Policy Modification",
                "Effect": "Deny",
                "Principal": "*",
                "Action": [
                    "s3:cUSTOMpoLICY",
                    "s3:cUSTOMpoLICY"
                ],
                "Resource": [
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999",
                    "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999/*"
                ],
                "Condition": {
                    "StringNotLike": {
                        "aws:userId": [
                            "XXXXXXXXXXXXXXXXXXXXX:*",
                            "999999999999"
                        ]
                    }
                }
            }
        ]
    }
    POLICY

I used Terraform v0.12.9 + provider.aws v2.63.0. I will try to file this as a bug on the Terraform GitHub.
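Added example, not part of the question or the answer above. A note on the diagnostic first: the message Terraform printed is the Go encoding/json syntax error, and "invalid character 's' looking for beginning of value" means the first non-whitespace byte of the string handed to `policy` was `s`, not `{`. Whatever value reached the provider was therefore not the JSON shown in the question; a plain string holding a file name, passed without `file()`, is the usual way that happens. The configuration below sidesteps quoting, heredoc and file-loading problems by building the same deny-unless policy with `jsonencode()`, which always emits valid JSON and lets `terraform validate` check the structure. The bucket name, the unique IDs in `admin_user_ids` and the account ID are placeholders; the same `jsonencode()` value could equally be given to the `policy` argument of `aws_s3_bucket`, as the answer does with a heredoc.

```hcl
# Added example (not the poster's code): deny-unless-listed S3 bucket policy
# built with jsonencode() instead of a heredoc or an external JSON file.
# Written against Terraform 0.12 syntax; bucket name and IDs are placeholders.

variable "bucket_name" {
  type = string
}

# Identities that keep access. aws:userId for an assumed role is
# "<role unique ID>:<session name>", hence the ":*" suffix on role IDs
# (AROA...); for an IAM user it is the bare user ID (AIDA...); for the
# account root user it is the bare account ID. Values here are placeholders.
variable "admin_user_ids" {
  type = list(string)
  default = [
    "AROAEXAMPLEROLEID0001:*",
    "999999999999",
  ]
}

resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

resource "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id

  # jsonencode() guarantees the provider receives a JSON document that
  # starts with "{"; the bucket ARN comes from the resource, so the
  # partition and bucket name cannot be mistyped.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "ExplicitDeny"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          aws_s3_bucket.this.arn,
          "${aws_s3_bucket.this.arn}/*",
        ]
        Condition = {
          StringNotLike = {
            "aws:userId" = var.admin_user_ids
          }
        }
      },
    ]
  })
}
```

Two caveats before applying a policy like this. `s3:*` already includes `s3:PutBucketPolicy` and `s3:DeleteBucketPolicy`, so a second statement restricted to policy-modification actions adds nothing the first statement does not already deny. More importantly, the explicit Deny applies to every principal whose `aws:userId` is not in the list, including the identity running Terraform: if that identity's unique ID (for an assumed role, the `AROA...:*` form) is missing, the apply succeeds and Terraform loses the ability to read or change the bucket afterwards. Check the unique ID with `aws sts get-caller-identity` (the `UserId` field) before the first apply.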