Terraform 将新权限附加到AWS中的角色
我正在尝试使用aws和terraform与secretsmanager合作。我有一个文件,里面有关于角色的所有信息,这是关于我想要管理的角色的信息Terraform 将新权限附加到AWS中的角色,terraform,amazon-iam,aws-secrets-manager,Terraform,Amazon Iam,Aws Secrets Manager,我正在尝试使用aws和terraform与secretsmanager合作。我有一个文件,里面有关于角色的所有信息,这是关于我想要管理的角色的信息 data "aws_iam_policy_document" "ecs_task_execution_role" { version = "2012-10-17" statement{ sid = "" effect = "Allow" actions = ["sts:AssumeRole"] principals { ty
data "aws_iam_policy_document" "ecs_task_execution_role" {
version = "2012-10-17"
statement{
sid = ""
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ecs-tasks.amazonaws.com",
"secretsmanager.amazonaws.com"]
}
}
}
resource "aws_iam_role" "ecs_task_execution_role" {
name = var.ecs_task_execution_role_name
assume_role_policy =
data.aws_iam_policy_document.ecs_task_execution_role.json
}
resource "aws_iam_role_policy_attachment" "ecs_task_execution_role" {
role = aws_iam_role.ecs_task_execution_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
Fetching secret data from AWS Secrets Manager in region xxxxx: secret arn:aws:secretsmanager:xxxxx:xxxxxxx:secret:name_value-AdGDbr: AccessDeniedException: User: arn:aws:sts::xxxxxxxxxxx:assumed-role/myEcsTaskExecutionRole/d340cba6-979f-4da1-b4be-d750fc8bd1e9 is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:xxxxx:xxxxxx:secret:name_value-AdGDbr status code: 400, request id: 2670987f-11a1-48d0-b20f-ce6077bd3bea
Error: Error creating IAM Role myEcsTaskExecutionRole: MalformedPolicyDocument: AssumeRole policy may only specify STS AssumeRole actions.
status code: 400, request id: 4fc091d4-d524-11e9-b4ab-b56d84ddb1ca
我如何附加此使用secretsmanager的权限?。非常感谢最后,这太简单了,我必须添加一个新资源,使用新名称和不同的策略:
resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_2" {
role = aws_iam_role.ecs_task_execution_role.name
policy_arn = "arn:aws:iam::aws:policy/SecretsManagerReadWrite"
}