Attaching different policies to different users in Terraform

Time: 2021-07-30 02:07:06

Tags: terraform

I have an aws_iam_user resource that creates users:

variable "users_list" {
  default = [
    "user1",
    "user2",
    "user3"
  ]
}
resource "aws_iam_user" "users" {
  count = length(var.users_list)
  name = "${var.platform}_${element(var.users_list, count.index)}"
}
resource "aws_iam_user_policy" "db_access" {

  count = length(aws_iam_user.users)
  user = element(aws_iam_user.users[*].name, count.index)

  name = "test1"

  policy = <<EOF
...
EOF
}

resource "aws_iam_user_policy" "ec2_access" {

  count = length(aws_iam_user.users)
  user = element(aws_iam_user.users[*].name, count.index)

  name = "test2"

  policy = <<EOF
...
EOF
}

This way I can assign all of these policies to all users

But, for example, user1 can have db_access and ec2_access, but user3 can only have db_access

Is there a way to do this in Terraform?

0 answers:

No answers