我正在尝试使用Terraform变量将 aws_iam_role_policy 附加到 aws_iam_role :${aws_iam_role.AutoTagMasterRole.id}
我正在使用在iam_role_policy.html
找到的TF文档Terraform错误消息:
aws_iam_role_policy.AutoTagMasterPolicy:资源 找不到变量'aws_iam_role.AutoTagMasterRole' 'aws_iam_role.AutoTagMasterRole.arn'
这是我的Terraform配置:
resource "aws_iam_role_policy" "AutoTagMasterPolicy" {
name = "AutoTagMasterPolicy"
role = "${aws_iam_role.AutoTagMasterRole.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"ec2:CreateTags",
"elasticloadbalancing:AddTags",
"autoscaling:CreateOrUpdateTags",
"rds:AddTagsToResource",
"elasticmapreduce:AddTags",
"datapipeline:AddTags"
],
"Resource": [
"*"
]
}
]
}
EOF
}
resource "aws_iam_role" "AutoTagMasterRole" {
name = "AutoTagMasterRole"
path = "/gorillastack/autotag/master/"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": { "${aws_iam_role.AutoTagExecutionRole.arn}" }
},
"Action": [
"sts:AssumeRole"
]
}
]
}
EOF
}
有人可以告诉我这是错误的吗?
更新我被告知这与我尝试将cloudformation功能移植到terraform中相当。
这就是cloudformation列出的内容:
"Principal": {
"AWS" : { "Fn::GetAtt" : [ "AutoTagExecutionRole", "Arn" ] }
},
我试图在terraform中找到相应的东西。这就是我所使用的,但它正在抛出错误。
"Principal": {
"AWS": { "${aws_iam_role.AutoTagExecutionRole.arn}" }
}
答案 0 :(得分:1)
故障排除后意识到我的语法不正确:
"Principal": {
"AWS": { "${aws_iam_role.AutoTagExecutionRole.arn}" }
},
应该是:
"Principal": {
"AWS": "${aws_iam_role.AutoTagExecutionRole.arn}"
},
错误的语法(尽管Terraform没有准确报告)导致aws_iam_role无法写入tf.state文件,导致错误消息报告无法找到资源。