我正在为API网关创建策略和角色,以使用以下terraform配置访问dynamodb api端点。我想念什么?我在terraform plan
resource "aws_iam_role_policy" "api_dbaccess_policy" {
name = "api_dbaccess_policy"
role = "${aws_iam_role.apiGatewayDynamoDbAccessRole.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGet*",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:Get*",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchWrite*",
"dynamodb:CreateTable",
"dynamodb:Delete*",
"dynamodb:Update*",
"dynamodb:PutItem"
],
"Resource": "*"
}
]
}
EOF
# depends_on = [
# "aws_dynamodb_table.us-east-1"
# ]
}
resource "aws_iam_role" "apiGatewayDynamoDbAccessRole" {
name = "apiGatewayDynamoDbAccessRole"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"apigateway.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
我在做什么错?我收到无效的政策错误。
答案 0 :(得分:0)
如前所述,只需删除@override
void initState() {
super.initState();
() async {
await retrieveDB();
}
}
块中的缩进...
另一种选择是使用aws_iam_policy_document数据源。对我来说,这是一种更清洁的方法,并且可以更好地维护,例如当您使用具有Terraform支持的IDE时。
您的配置看起来像这样(这里不需要EOF,因为它是默认行为):
"Effect": "Allow"