Terraform 在aws_iam_policy_文档中创建多个语句,其中包含值列表中的值(TF 1.13)
我有以下Terraform 在aws_iam_policy_文档中创建多个语句,其中包含值列表中的值(TF 1.13),terraform,terraform-provider-aws,terraform0.12+,Terraform,Terraform Provider Aws,Terraform0.12+,我有以下变量 variable "roles" { type = set(string) default = [ "A", "B", ] } 我想为每个值创建一个带有sts:AssumeRole操作的aws\u iam\u policy\u文档 我试过了 data "aws_iam_policy_document" "service_role_trust_node_worker
变量variable "roles" {
type = set(string)
default = [
"A",
"B",
]
}
sts:AssumeRoleaws\u iam\u policy\u文档
我试过了
data "aws_iam_policy_document" "service_role_trust_node_workers" {
statement {
effect = "Allow"
principals {
identifiers = ["ec2.amazon.com"]
type = "Service"
}
actions = ["sts:AssumeRole"]
}
for_each = var.roles
statement {
effect = "Allow"
sid = "${each.key}-${each.value}"
principals {
identifiers = [
each.value
]
type = "AWS"
}
actions = [
"sts:AssumeRole"
]
}
}
但这就产生了这个
json = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "ec2.amazon.com"
}
+ Sid = ""
},
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ AWS = "B"
}
+ Sid = "B-B"
},
]
+ Version = "2012-10-17"
}
)
因此,出于某种原因,A
被忽略
有什么建议吗?好的,找到了:)
dynamic "statement" {
for_each = var.roles
iterator = role
content {
effect = "Allow"
principals {
identifiers = [
role.value
]
type = "AWS"
}
actions = [
"sts:AssumeRole"
]
}
}