Terraform validate fails on a JSON policy
I am trying to create an S3 bucket using a Terraform file with a custom JSON policy. I can't find the problem with the JSON format. Terraform validate gives the error:

Error: "policy" contains an invalid JSON: invalid character 's' looking for beginning of value on line }

I was able to validate it via JSONLINT.com and found that this is not a JSON formatting problem but a problem with how Terraform handles JSON. This is not an actual solution, but when I moved the JSON policy content into the Terraform file, by placing it in
policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Explicit deny",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999",
        "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999/*"
      ],
      "Condition": {
        "StringNotLike": {
          "aws:userId": [
            "XXXX9999XXXXXXXXXXXXX:*",
            "XXXX9999XXXXXXXXXXXXX:*",
            "XXXX9999XXXXXXXXXXXXX:*",
            "XXXX9999XXXXXXXXXXXXX:*",
            "XXXX9999XXXXXXXXXXXXX:*",
            "XXXX9999XXXXXXXXXXXXX:*",
            "999999999999"
          ]
        }
      }
    },
    {
      "Sid": "Policy Modification",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:cUSTOMpoLICY",
        "s3:cUSTOMpoLICY"
      ],
      "Resource": [
        "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999",
        "arn:xxx-xx-xxx:s3:::s999999999999-9999-99999/*"
      ],
      "Condition": {
        "StringNotLike": {
          "aws:userId": [
            "XXXXXXXXXXXXXXXXXXXXX:*",
            "999999999999"
          ]
        }
      }
    }
  ]
}
POLICY
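The wording of the error in the question matches the syntax error that Go's `encoding/json` decoder returns when a value begins with a bare `s`. The following is an added example, not code from the original post or from Terraform: it assumes the policy check behaves like `encoding/json`, uses constructed sample inputs, and reports the line and column of the offending byte so the policy string can be checked before it is applied.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed sample inputs (not taken from the question).
const validPolicy = `{"Version": "2012-10-17", "Statement": [{"Effect": "Deny",
  "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"}]}`

// A string that is not JSON at all, e.g. a file name instead of file contents.
const notJSON = "s3-policy.json"

// JSON with an unquoted value on line 4.
const unquotedAction = `{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Deny", "Principal": "*",
    "Action": s3:*}]
}`

// locateJSONError parses doc with encoding/json. On a syntax error it returns
// the 1-based line and column of the offending byte and the decoder's message;
// for well-formed JSON it returns (0, 0, "").
func locateJSONError(doc string) (line, col int, msg string) {
	var v interface{}
	err := json.Unmarshal([]byte(doc), &v)
	if err == nil {
		return 0, 0, ""
	}
	var se *json.SyntaxError
	if !errors.As(err, &se) {
		return 0, 0, err.Error()
	}
	// Offset counts bytes read, so the offending byte is at Offset-1.
	pos := int(se.Offset) - 1
	if pos < 0 {
		pos = 0
	}
	before := doc[:pos]
	line = strings.Count(before, "\n") + 1
	col = pos - strings.LastIndex(before, "\n")
	return line, col, se.Error()
}

func main() {
	for _, doc := range []string{validPolicy, notJSON, unquotedAction} {
		line, col, msg := locateJSONError(doc)
		fmt.Printf("line %d, col %d: %q\n", line, col, msg)
	}
}
```

A result of line 1, column 1 means the string handed to the decoder does not start with a JSON value at all, which is a different problem from a typo inside an otherwise valid policy document.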