Amazon web services terraform中的多个IAM用户创建
我试图在terraform中创建多个用户,并给他们附加一个策略。但这给了我一个错误 下面是代码Amazon web services terraform中的多个IAM用户创建,amazon-web-services,terraform,Amazon Web Services,Terraform,我试图在terraform中创建多个用户,并给他们附加一个策略。但这给了我一个错误 下面是代码 provider "aws" { region = "us-east-1" assume_role { role_arn = "arn:aws:iam::57XXXXXXX1:role/terraform-role" } } resource "aws_iam_user" "user
provider "aws" {
region = "us-east-1"
assume_role {
role_arn = "arn:aws:iam::57XXXXXXX1:role/terraform-role"
}
}
resource "aws_iam_user" "user" {
for_each = var.module_enabled ? var.names : []
name = each.key
path = "/"
}
output "user" {
value = "${aws_iam_user.user[*]}"
}
resource "aws_iam_policy" "terraform-policy" {
name = "test_policy_terraform"
path = "/"
description = "My test terraform policy"
# Terraform's "jsonencode" function converts a
# Terraform expression result to valid JSON syntax.
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = [
"ec2:Describe*",
]
Effect = "Allow"
Resource = "*"
},
]
})
}
output "policy-arn" {
value = aws_iam_policy.terraform-policy.arn
}
resource "aws_iam_user_policy_attachment" "test-attach" {
/* for_each = var.module_enabled ? var.names : []*/
user = "${aws_iam_user.user[*].name}"
policy_arn = aws_iam_policy.terraform-policy.arn
}
terraform apply-var file=“mypars.tfvars”给出以下错误。
名称是资源“aws\u iam\u用户”的属性参考之一
在您的
aws\u iam\u用户策略\u附件中
您必须迭代aws\u iam\u用户
。因此,你的评论是正确的
resource "aws_iam_user_policy_attachment" "test-attach" {
for_each = var.module_enabled ? var.names : []
user = each.key
policy_arn = aws_iam_policy.terraform-policy.arn
}
如果您愿意,您也可以使用您的aws\u iam\u用户
:
resource "aws_iam_user_policy_attachment" "test-attach" {
for_each = var.module_enabled ? aws_iam_user.user : {}
user = each.key
policy_arn = aws_iam_policy.terraform-policy.arn
}
在您的
aws\u iam\u用户策略\u附件中
您必须迭代aws\u iam\u用户
。因此,你的评论是正确的
resource "aws_iam_user_policy_attachment" "test-attach" {
for_each = var.module_enabled ? var.names : []
user = each.key
policy_arn = aws_iam_policy.terraform-policy.arn
}
如果您愿意,您也可以使用您的aws\u iam\u用户
:
resource "aws_iam_user_policy_attachment" "test-attach" {
for_each = var.module_enabled ? aws_iam_user.user : {}
user = each.key
policy_arn = aws_iam_policy.terraform-policy.arn
}