Fatal编程技术网

Amazon web services terraform中的多个IAM用户创建

amazon-web-services terraform

Amazon web services terraform中的多个IAM用户创建,amazon-web-services,terraform,Amazon Web Services,Terraform,我试图在terraform中创建多个用户,并给他们附加一个策略。但这给了我一个错误 下面是代码 provider "aws" { region = "us-east-1" assume_role { role_arn = "arn:aws:iam::57XXXXXXX1:role/terraform-role" } } resource "aws_iam_user" "user

我试图在terraform中创建多个用户,并给他们附加一个策略。但这给了我一个错误

下面是代码

provider "aws" {
  region     = "us-east-1"

  assume_role {
    role_arn = "arn:aws:iam::57XXXXXXX1:role/terraform-role"
  }
}
resource "aws_iam_user" "user" {
  for_each = var.module_enabled ? var.names : []

  name                 = each.key
  path                 = "/"

}
output "user" {
    value = "${aws_iam_user.user[*]}"
}

resource "aws_iam_policy" "terraform-policy" {
  name        = "test_policy_terraform"
  path        = "/"
  description = "My test terraform policy"

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

output "policy-arn" {
   value = aws_iam_policy.terraform-policy.arn
}

resource "aws_iam_user_policy_attachment" "test-attach" {
/*  for_each = var.module_enabled ? var.names : []*/
  user       = "${aws_iam_user.user[*].name}"
  policy_arn = aws_iam_policy.terraform-policy.arn
}
terraform apply-var file=“mypars.tfvars”给出以下错误。 名称是资源“aws\u iam\u用户”的属性参考之一

在您的
aws\u iam\u用户策略\u附件中
您必须迭代
aws\u iam\u用户
。因此,你的评论是正确的

resource "aws_iam_user_policy_attachment" "test-attach" {

  for_each = var.module_enabled ? var.names : []

  user       = each.key
  policy_arn = aws_iam_policy.terraform-policy.arn
}
如果您愿意,您也可以使用您的
aws\u iam\u用户

resource "aws_iam_user_policy_attachment" "test-attach" {

  for_each = var.module_enabled ? aws_iam_user.user : {}

  user       = each.key
  policy_arn = aws_iam_policy.terraform-policy.arn
}
在您的
aws\u iam\u用户策略\u附件中
您必须迭代
aws\u iam\u用户
。因此,你的评论是正确的

resource "aws_iam_user_policy_attachment" "test-attach" {

  for_each = var.module_enabled ? var.names : []

  user       = each.key
  policy_arn = aws_iam_policy.terraform-policy.arn
}
如果您愿意,您也可以使用您的
aws\u iam\u用户

resource "aws_iam_user_policy_attachment" "test-attach" {

  for_each = var.module_enabled ? aws_iam_user.user : {}

  user       = each.key
  policy_arn = aws_iam_policy.terraform-policy.arn
}