如何使用Terraform将资源动态附加到内联策略?
我正在创建一个内联策略,并希望动态附加一个资源 以下是我的政策:如何使用Terraform将资源动态附加到内联策略?,terraform,terraform-provider-aws,Terraform,Terraform Provider Aws,我正在创建一个内联策略,并希望动态附加一个资源 以下是我的政策: resource "aws_iam_policy" "lambda_secret_policy" { name = "${var.name}-lambda-role" description = "grants lambda access to secret manager" assume_role_policy = <<
resource "aws_iam_policy" "lambda_secret_policy" {
name = "${var.name}-lambda-role"
description = "grants lambda access to secret manager"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
],
"Resource": [
<where I would like to dynamically assign the exampleSecretResource resource>
]
}
]
}
EOF
}
因此,我使用数据
块获取了exampleSecretResource
,并希望将其附加到上述策略中的资源列表中。这是内联的还是需要使用资源块显式构建策略
如果我可以动态地内联连接,我会怎么做?(我在这里使用了正确的术语吗?如果我理解正确,以下内容可以满足您的要求:
data "aws_secretsmanager_secret" "exampleSecretResource" {
arn = var.secretArn
}
resource "aws_iam_policy" "lambda_secret_policy" {
name = "${var.name}-lambda-role"
description = "grants lambda access to secret manager"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
],
"Resource": [
"${data.aws_secretsmanager_secret.exampleSecretResource.arn}"
]
}
]
}
EOF
}
data“aws\u secretsmanager\u secret”“exampleSecretResource”{
arn=var.secretArn
}
资源“aws_iam_策略”“lambda_机密策略”{
name=“${var.name}-lambda角色”
description=“授予lambda对机密管理器的访问权”
假设_role_policy=什么是exampleSecretResource
?一个角色,一个托管策略?能否显示其示例?添加了数据
块进行解释。
data "aws_secretsmanager_secret" "exampleSecretResource" {
arn = var.secretArn
}
resource "aws_iam_policy" "lambda_secret_policy" {
name = "${var.name}-lambda-role"
description = "grants lambda access to secret manager"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
],
"Resource": [
"${data.aws_secretsmanager_secret.exampleSecretResource.arn}"
]
}
]
}
EOF
}