Terraform aws_iam_role_policy_attachment
I have some roles that get created along with different policies, and I want to tie them together:
#Role that gets created in the identity account that okta uses to map AD groups to Roles in AWS
resource "aws_iam_role" "create_identity_role" {
  count = "${length(var.team_name)}"
  name = "${lookup(var.identity_role_name,element(var.team_name, count.index))}"
  assume_role_policy = "${data.aws_iam_policy_document.trustokta.json}"
}
#Role that gets created in each of the accounts that will determine what it is a user will be able to do inside AWS
resource "aws_iam_role" "create_assume_role" {
  count = "${length(var.team_name)}"
  name = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
  assume_role_policy = "${data.aws_iam_policy_document.trustawsaccount.json}"
}
#Policy that gets created in the identity account which tells AWS which role to assume in a different account
resource "aws_iam_policy" "create_assume_policy" {
  count = "${length(var.team_name)}"
  name = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
  policy = "${data.template_file.network_assume.rendered}"
}
#Tie my role and policies together
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
  count = "${length(var.team_name)}"
  role = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
  policy_arn = "${element(aws_iam_policy.create_assume_policy.arn, count.index)}"
}
The problem I'm running into is that when the policy attaches itself to a role, I'm not quite sure which variable I should pass into policy_arn in the final resource so that it iterates over each policy created in the resource before it.
Terraform error:
Found the problem, solved it using splat:
#Tie my role and policies together
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
  count = "${length(var.team_name)}"
  role = "${lookup(var.assume_role_name,element(var.team_name, count.index))}"
  policy_arn = "${element(aws_iam_policy.create_assume_policy.*.arn, count.index)}"
}
Hi Duhaas, what is a "splat"? I see the code, but I would like to understand it better. Thanks in advance.
Please see the explanation of splat here: and here:
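An added example, not code from the original post: the splat `aws_iam_policy.create_assume_policy.*.arn` in the answer expands to the list of ARNs of all counted policies, and `element(..., count.index)` picks one by position. The configuration below goes beyond the post and assumes Terraform 0.12.6 or later, pairing each role and policy by team key with `for_each` so that removing a team does not shift the indexes of the teams after it; the map values, account ID and permissions are constructed placeholders.

```hcl
# Added example (Terraform >= 0.12.6); every name and value is a constructed placeholder.
variable "assume_role_name" {
  type = map(string) # team name => role name
  default = {
    network  = "network-assume"
    platform = "platform-assume"
  }
}

# Trust policy: only the identity account (placeholder ID) may assume the roles.
data "aws_iam_policy_document" "trust_identity_account" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111111111111:root"]
    }
  }
}

# Placeholder permissions; substitute each team's real policy document.
data "aws_iam_policy_document" "team_permissions" {
  statement {
    actions   = ["ec2:Describe*"]
    resources = ["*"]
  }
}

resource "aws_iam_role" "assume_role" {
  for_each           = var.assume_role_name
  name               = each.value
  assume_role_policy = data.aws_iam_policy_document.trust_identity_account.json
}

resource "aws_iam_policy" "assume_policy" {
  for_each = var.assume_role_name
  name     = each.value
  policy   = data.aws_iam_policy_document.team_permissions.json
}

# Pair role and policy by team key, not by list position. Referencing the
# resources (instead of looking the name up from a variable) also makes
# Terraform create the role and policy before the attachment.
resource "aws_iam_role_policy_attachment" "attach_assume_policy" {
  for_each   = var.assume_role_name
  role       = aws_iam_role.assume_role[each.key].name
  policy_arn = aws_iam_policy.assume_policy[each.key].arn
}
```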