Updated: iam_policy_document: Error: InvalidParameter: Invalid parameter: Policy Error: null status code: 400, request id

Tags: Amazon Web Services, Amazon SNS, Terraform 0.12+


So, I am trying to migrate a non-modular Terraform setup to one made up of modules, and I ran into this error. I know it is not a Terraform-specific error, but Terraform is what I am using.

The overall structure of all the modules needed to achieve this is:

% ls
caller_identity     event_rule  event_target    iam_policy_document sns_topic_policy

In caller_identity:

ls
main.tf     output.tf   variable.tf

In event_rule:

main.tf     output.tf   variable.tf

In event_target:

main.tf     variable.tf  (I did not seem to need to have an output to be used somewhere else.)

In iam_policy_document:

ls
main.tf     output.tf   variable.tf


data "aws_iam_policy_document" "this" {
  statement {
    actions = [
      "SNS:GetTopicAttributes",
      "SNS:SetTopicAttributes",
      "SNS:AddPermission",
      "SNS:RemovePermission",
      "SNS:DeleteTopic",
      "SNS:Subscribe",
      "SNS:ListSubscriptionsByTopic",
      "SNS:Publish",
      "SNS:Receive"
    ]

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        var.account
      ]
    }

    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    resources = [
      var.arn
    ]

    sid = "__default_statement_ID"
  }

  statement {
    actions = [
      "sns:Publish"
    ]

    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [
      var.arn
    ]

    sid = "TrustCWEToPublishEventsToMyTopic"
  }
}

In sns_topic_policy:

main.tf     output.tf   variable.tf

resource "aws_sns_topic_policy" "this" {
  arn    = var.arn
  policy = var.policy
}

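I started redoing them in the order posted, testing as I went. When all is said and done, Terraform needs to build 4 items; I know this for certain because the non-module version is my baseline.

So, everything seemed to work fine until I got to the aws topic policy.

This is if I knock out sns_topic: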

        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: 

I hit yes, and it completes with the output I show below.

Now, once I add the sns module, it goes haywire.

My output:

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

caller_identity_out = 012345678910
cloudwatch_event_rule_out = Detect-Local-User-Creations
iam_policy_document_out = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Action": [
        "SNS:Subscribe",
        "SNS:SetTopicAttributes",
        "SNS:RemovePermission",
        "SNS:Receive",
        "SNS:Publish",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:AddPermission"
      ],
      "Resource": "arn:aws:sns:us-east-1:012345678910:tf-SnsTopic-EmailSNSTopic-9JJZS66CE1CW",
      "Principal": {
        "AWS": "*"
      },
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "012345678910"
        }
      }
    },
    {
      "Sid": "TrustCWEToPublishEventsToMyTopic",
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:us-east-1:012345678910:tf-SnsTopic-EmailSNSTopic-9JJZS66CE1CW",
      "Principal": {
        "Service": "events.amazonaws.com"
      }
    }
  ]
}
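
From what I can see, I do not know what it is referring to. The only way I could get rid of this error was to use jsonencode. However, that is where the next error happens.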

iam_policy_document: Error: InvalidParameter: Invalid parameter: Policy Error: null status code: 400,

The output.tf file:

output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this.json
}

It was mentioned that jsonencode is not needed; this is what happens if I take it out.

Error received when changing #policy = jsonencode("module.aws_iam_policy_document.iam_policy_document_out") to

policy = "module.aws_iam_policy_document.iam_policy_document_out"

Error:

dLocalUsers]
module.iam_policy_document.data.aws_iam_policy_document.this: Refreshing state...

Error: "policy" contains an invalid JSON: invalid character 'm' looking for beginning of value

  on ../../../modules/cloudwatch/sns_topic_policy/main.tf line 3, in resource "aws_sns_topic_policy" "this":
   3:    policy = var.policy

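The latest thing is when I implement the "alternative" from the answer. I get this error, but I cannot see the problem. I do not understand what went wrong. I have the output working, and it is declared in sns_topic. So either I am missing the obvious, or I do not know.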

Error: Reference to undeclared module

  on main.tf line 43, in module "sns_topic_policy":
  43:   policy = module.aws_iam_policy_document.iam_policy_document_out.json

No module call named "aws_iam_policy_document" is declared in the root module.

Your iam_policy_document_out is already in json format:

value = data.aws_iam_policy_document.this.json

So in the module, you should use the following:

module "sns_topic_policy" {
  source = "./sns_topic_policy/"
  arn    = module.SnsTopic.arn
  policy = module.aws_iam_policy_document.iam_policy_document_out
}
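
There could also be other issues that are not apparent until the code is deployed.

Alternative:

output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this
}

module "sns_topic_policy" {
  source = "./sns_topic_policy/"
  arn    = module.SnsTopic.arn
  policy = module.aws_iam_policy_document.iam_policy_document_out.json
}

Hard to guess. What is iam_policy_document? Its form is not shown in your question.

Oh, yes, let me add some more information to the original question.

Thanks - this is what I had originally, but I received this error. Adding jsonencode was the only way I got it to go any further. I will add the error to the bottom of the initial question.

@Randal jsonencode is not needed. This is how it is implemented in, and I can confirm that it works in general. I will provide an alternative way in the answer.

This is down to my lack of TF skills. What I did was create the variable in variable.tf instead of actually putting the reference in the main.tf that I run. That may be completely wrong, but that is what I could make of it.

@Randal Do you know where this invalid character 'm' comes from? I cannot see anything wrong with the policy.

So I rechecked everything. It looks like your answer was the basic solution. I noticed that the reference to the output was wrong, which ended up completing the last part. So that is done, thanks for the information.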
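
The forms of the policy argument tried in this thread, side by side with one that resolves, as an added example rather than code from the question or the answer. The variable names topic_arn and account_id are assumptions; the module call name iam_policy_document is taken from the module.iam_policy_document address in the refresh output, and the source paths follow the path shown in the error message.

```hcl
# Root main.tf wiring for the two child modules shown in the question.
# Assumed, not from the page: variable names topic_arn and account_id.

variable "topic_arn" { type = string }  # ARN of the SNS topic the policy protects
variable "account_id" { type = string } # account that owns the topic

module "iam_policy_document" {
  source  = "../../../modules/cloudwatch/iam_policy_document"
  account = var.account_id
  arn     = var.topic_arn
}

module "sns_topic_policy" {
  source = "../../../modules/cloudwatch/sns_topic_policy"
  arn    = var.topic_arn

  # 1. Quoted reference: a literal string, not a reference. The provider's JSON
  #    validation reads the text itself and stops at its first character:
  #    "policy" contains an invalid JSON: invalid character 'm' ...
  # policy = "module.iam_policy_document.iam_policy_document_out"

  # 2. jsonencode() around the quoted reference: the literal text becomes a
  #    JSON string. That is valid JSON, so validation passes, but it is not a
  #    policy document; this is the form that came back from SNS on this page as
  #    InvalidParameter: Policy Error: null.
  # policy = jsonencode("module.iam_policy_document.iam_policy_document_out")

  # 3. Wrong first label: the name after "module." must be a module block
  #    declared in this file. aws_iam_policy_document is the data source type
  #    inside the child module, hence: Reference to undeclared module.
  # policy = module.aws_iam_policy_document.iam_policy_document_out

  # Resolves: unquoted, module.<module call name>.<output name>. The output
  # already holds the rendered JSON (data.aws_iam_policy_document.this.json).
  # If the output exports the whole data source object instead, append .json.
  policy = module.iam_policy_document.iam_policy_document_out
}
```

terraform validate reports forms 1 and 3 without contacting AWS; form 2 only fails once the policy is sent to SNS.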