Terraform aws_iam_role_policy_attachment


I have some roles that are created along with different policies, and I want to tie them together:

#Role that gets created in identity account that okta uses to map AD groups to Roles in AWS
resource "aws_iam_role" "create_identity_role" {
    count = "${length(var.team_name)}"
    name = "${lookup(var.identity_role_name,element(var.team_name, count.index))}"
    assume_role_policy = "${data.aws_iam_policy_document.trustokta.json}"
}

#Role that gets created in each of the accounts that will determine what it is a user will be able to do inside AWS
resource "aws_iam_role" "create_assume_role" {
    count = "${length(var.team_name)}"
    name  = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
    assume_role_policy = "${data.aws_iam_policy_document.trustawsaccount.json}"
}

#Policy that gets created in the identity account which tells AWS which role to assume in a different account
resource "aws_iam_policy" "create_assume_policy" {
    count = "${length(var.team_name)}"
    name  = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
    policy = "${data.template_file.network_assume.rendered}"
}

#Tie my role and policies together
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
    count = "${length(var.team_name)}"
    role = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
    policy_arn = "${element(aws_iam_policy.create_assume_policy.arn, count.index)}"
}
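
The problem I'm running into is that when the policy attaches itself to a role, I'm not quite sure which variable I should pass into policy_arn in the final resource so that it iterates over each of the policies created in the resource before it.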

Terraform error:

Found the issue, solved it using splat:

#Tie my role and policies together
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
    count = "${length(var.team_name)}"
    role = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
    policy_arn = "${element(aws_iam_policy.create_assume_policy.*.arn, count.index)}"
}

Hi 杜哈斯, what is "splat"? I see the code, but I would like to understand it better. Thanks in advance.

See the explanation of splat here: and here:
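
An added example, not part of the original question or answer: the splat `aws_iam_policy.create_assume_policy.*.arn` is the list of `arn` values from every `count` instance, and `element(..., count.index)` picks one by position. The sketch below goes beyond the answer and shows the same wiring keyed by team with `for_each` (Terraform 0.12.6+), so a policy cannot shift onto another team's role when the list changes. The resource labels, account IDs and role names are assumptions made for illustration.

```hcl
# Added example. All default values below are constructed placeholders.
variable "assume_role_name" {
  type = map(string) # team => role name, as in the question
  default = {
    network  = "network-assume"
    security = "security-assume"
  }
}

variable "trusted_account_id" {
  type    = string
  default = "111111111111" # placeholder: account allowed to assume the role
}

variable "target_account_id" {
  type    = string
  default = "222222222222" # placeholder: account holding the role to assume
}

data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.trusted_account_id}:root"]
    }
  }
}

resource "aws_iam_role" "assume" {
  for_each           = var.assume_role_name
  name               = each.value
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

data "aws_iam_policy_document" "assume" {
  for_each = var.assume_role_name
  statement {
    actions   = ["sts:AssumeRole"]
    resources = ["arn:aws:iam::${var.target_account_id}:role/${each.value}"]
  }
}

resource "aws_iam_policy" "assume" {
  for_each = var.assume_role_name
  name     = each.value
  policy   = data.aws_iam_policy_document.assume[each.key].json
}

# Referencing the role resource (instead of looking its name up again) makes
# Terraform create the role first; each.key pins each policy to its own role.
resource "aws_iam_role_policy_attachment" "assume" {
  for_each   = var.assume_role_name
  role       = aws_iam_role.assume[each.key].name
  policy_arn = aws_iam_policy.assume[each.key].arn
}
```

Run `terraform plan` after removing one team from the map: only that team's role, policy and attachment are planned for destruction, whereas a `count`-indexed list re-creates every attachment after the removed position.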