Terraform: error when trying to pass the aws_secretsmanager_secret_version value


In the password section of the RDS creation on AWS, I am trying to pass the aws_secretsmanager_secret_version value. I am getting an error.

resource "aws_db_instance" "airflow" {
  allocated_storage                   = "${var.rds_allocated_storage}"
  storage_type                        = "${var.rds_storage_type}"
  storage_encrypted                   = "true"
  engine                              = "mysql"
  engine_version                      = "${var.rds_engine_version}"
  instance_class                      = "${var.rds_instance_class}"
  name                                = "airflow"
  identifier                          = "airflow"
  username                            = "${var.rds_username}"
  password                            = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
  parameter_group_name                = "-airflow-mysql"
  vpc_security_group_ids              = ["${aws_security_group_airflow_sg.id}"]
  db_subnet_group_name                = "${aws_db_subnet_group.airflow_rds.id}"
  kms_key_id                          = "${data.aws_kms_key.rds.arn}"
  license_model                       = "general-public-license"

  depends_on = [
    aws_db_parameter_group.airflow_mysql
  ]

  tags = merge(
    var.common_tags,
    map("Classification", "private"),
    map("Name", "-airflow-rds")
  )
}
secretmanager.tf

resource "aws_secretsmanager_secret" "secret" {
  description         = "airflow"
  kms_key_id          = "${data.aws_kms_key.sm.arn}"
  name                = "airflow"
}
resource "random_string" "rds_password" {
  length = 16
  special = true
  override_special = "/@\" "
}


resource "aws_secretsmanager_secret_version" "secret" {
  secret_id     = "${aws_secretsmanager_secret.secret.id}"
  secret_string = <<EOF
{
  "rds_password": "${random_string.rds_password.result}"
  }
EOF
}
As you can see in the key-value pair, the object in secret_string should be passed into jsonencode().

See the following example (adapted from the documentation page):


I think you are not indexing the map correctly. The problem is in
secret_string]["rds_password"]

Replace

password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"


You cannot add dynamic variables in a variable block. Right, this does not work.
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string["rds_password"])}"
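
Added example, not part of the original question or answers: a Terraform 0.12+ sketch of the jsonencode()/jsondecode() round trip discussed above, reusing the question's resource and variable names. The switch to random_password (so the value is treated as sensitive in plan output) and the override_special character set are assumptions of this example; RDS rejects "/", "@" and the double quote in a master password, so they are excluded here.

```hcl
# Generate the password; random_password keeps the result out of plan output.
resource "random_password" "rds_password" {
  length  = 16
  special = true
  # Assumed character set: excludes "/", "@", '"' and space,
  # which RDS does not accept in a master password.
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "aws_secretsmanager_secret" "secret" {
  name        = "airflow"
  description = "airflow"
  kms_key_id  = data.aws_kms_key.sm.arn
}

resource "aws_secretsmanager_secret_version" "secret" {
  secret_id = aws_secretsmanager_secret.secret.id
  # jsonencode() builds valid JSON and escapes the value,
  # unlike a hand-written heredoc.
  secret_string = jsonencode({
    rds_password = random_password.rds_password.result
  })
}

locals {
  # Decode the whole string first, then index the resulting object.
  rds_secret = jsondecode(aws_secretsmanager_secret_version.secret.secret_string)
}

resource "aws_db_instance" "airflow" {
  identifier        = "airflow"
  engine            = "mysql"
  engine_version    = var.rds_engine_version
  instance_class    = var.rds_instance_class
  allocated_storage = var.rds_allocated_storage
  storage_encrypted = true
  kms_key_id        = data.aws_kms_key.rds.arn
  username          = var.rds_username
  password          = local.rds_secret["rds_password"]
  # Remaining arguments (networking, parameter group, tags) as in the question.
}
```

The generated password is still stored in plaintext in the Terraform state, so the state backend needs encryption and restricted access.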