我正在尝试使用aws_iam_policy_document定义一个动态的原则列表,并在加入双引号作为连接的过程中苦苦挣扎。我有以下适用于单个项目列表的项目,但无法执行多个项目,我试图在连接和格式列表中添加双引号,但转义似乎不起作用-我忽略了什么?
locals {
role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/"
principle_roles_list = "${formatlist("%v%v_%v",local.role_arn,var.environment,var.s3_bucket_generic_microservices)}"
principle_roles = "${join(",", formatlist ("%s", local.principle_roles_list))}"
}
data "aws_iam_policy_document" "ecs_service_s3_bucket_policy_document" {
statement {
effect = "Allow"
principals {
type = "AWS"
identifiers = [
"${local.principle_roles}"
]
}
actions = [
"s3:ListBucket"
]
resources = [
"arn:aws:s3:::${var.environment}-xxxxxxx"
]
}