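How to fix "JSON strings must not have leading spaces" for an AWS ECR IAM role in Terraform
I have seen many threads about this kind of problem, but none of them solved it.
I am trying to create an AWS IAM role with an attached policy, but I always run into this problem:
Error: Error creating IAM Role test-role: MalformedPolicyDocument: JSON strings must not have leading spaces
I followed the documentation exactly:
Role: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role
Please find my configuration below: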
resource "aws_iam_instance_profile" "test-role-profile" {
  name = "test-role-profile"
  role = aws_iam_role.test-role.name
}

resource "aws_iam_role" "test-role" {
  name = "test-role"

  assume_role_policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "ecr.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }
  EOF
}

resource "aws_iam_policy" "test-role-policy" {
  name        = "test-role-policy"
  description = "Test role policy"

  policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "ecr:CreateRepository",
          "ecr:DescribeImages",
          "ecr:DescribeRegistry",
          "ecr:DescribeRepositories",
          "ecr:GetAuthorizationToken",
          "ecr:GetLifecyclePolicy",
          "ecr:GetLifecyclePolicyPreview",
          "ecr:GetRegistryPolicy",
          "ecr:GetRepositoryPolicy",
          "ecr:ListImages",
          "ecr:ListTagsForResource",
          "ecr:PutLifecyclePolicy",
          "ecr:PutRegistryPolicy",
          "ecr:SetRepositoryPolicy",
          "ecr:StartLifecyclePolicyPreview",
          "ecr:PutImage"
        ],
        "Resource": "*"
      }
    ]
  }
  EOF
}

resource "aws_iam_role_policy_attachment" "test-role-attach" {
  role       = aws_iam_role.test-role.name
  policy_arn = aws_iam_policy.test-role-policy.arn
}
Version: Terraform v0.12.31
Does anyone have an idea?
Thanks
Solution
There is some whitespace before the first { character in the JSON string here:
resource "aws_iam_role" "test-role" {
  name = "test-role"
  assume_role_policy = <<EOF
  {
It should look like this:
resource "aws_iam_role" "test-role" {
  name = "test-role"
  assume_role_policy = <<EOF
{
Personally, I would recommend switching to the jsonencode() method of building JSON strings, an example of which you can see in your first link, or using aws_iam_policy_document to build your IAM policies.
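The two alternatives recommended in the answer above, applied to the question's role and policy. This is an added example, not part of the original answer; the resource names and policy contents are copied from the question, and the data source label test-role-policy is an assumption.

```hcl
# Added example (not from the original post): the question's role and policy without heredocs.
resource "aws_iam_role" "test-role" {
  name = "test-role"

  # jsonencode() serializes an HCL object, so the result always starts with "{"
  # no matter how this block is indented.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = ""
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ecr.amazonaws.com" } # principal as posted in the question
    }]
  })
}

# The data source renders the policy JSON itself; its label is an assumption.
data "aws_iam_policy_document" "test-role-policy" {
  statement {
    effect    = "Allow"
    resources = ["*"]
    actions = [
      "ecr:CreateRepository",
      "ecr:DescribeImages",
      "ecr:DescribeRegistry",
      "ecr:DescribeRepositories",
      "ecr:GetAuthorizationToken",
      "ecr:GetLifecyclePolicy",
      "ecr:GetLifecyclePolicyPreview",
      "ecr:GetRegistryPolicy",
      "ecr:GetRepositoryPolicy",
      "ecr:ListImages",
      "ecr:ListTagsForResource",
      "ecr:PutLifecyclePolicy",
      "ecr:PutRegistryPolicy",
      "ecr:SetRepositoryPolicy",
      "ecr:StartLifecyclePolicyPreview",
      "ecr:PutImage",
    ]
  }
}

resource "aws_iam_policy" "test-role-policy" {
  name        = "test-role-policy"
  description = "Test role policy"
  policy      = data.aws_iam_policy_document.test-role-policy.json
}
```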