Ver*_*erb 3 amazon-iam terraform amazon-ecr
我看到很多针对此类问题的主题,但无法解决这个问题。
我正在尝试使用附件策略创建 AWS IAM 角色,但我始终遇到此问题:
错误:创建 IAM 角色测试角色时出错:MalformedPolicyDocument:JSON 字符串不得有前导空格
我完全同意文档:
角色:https ://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role
请找到我的配置
resource "aws_iam_instance_profile" "test-role-profile" {
name = "test-role-profile"
role = aws_iam_role.test-role.name
}
resource "aws_iam_role" "test-role" {
name = "test-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ecr.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_policy" "test-role-policy" {
name = "test-role-policy"
description = "Test role policy"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ecr:CreateRepository",
"ecr:DescribeImages",
"ecr:DescribeRegistry",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:GetRegistryPolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:PutLifecyclePolicy",
"ecr:PutRegistryPolicy",
"ecr:SetRepositoryPolicy",
"ecr:StartLifecyclePolicyPreview",
"ecr:PutImage"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "test-role-attach" {
role = aws_iam_role.test-role.name
policy_arn = aws_iam_policy.test-role-policy.arn
}
版本:Terraform v0.12.31
有人有主意吗?
Thks
{JSON 字符串中的第一个字符之前有一些空格:
resource "aws_iam_role" "test-role" {
name = "test-role"
assume_role_policy = <<EOF
{
它应该看起来像这样:
resource "aws_iam_role" "test-role" {
name = "test-role"
assume_role_policy = <<EOF
{
我个人建议切换到构建 JSON 字符串的方法(您可以在第一个链接中jsonencode()查看示例),或者使用aws_iam_policy_document构建您的 IAM 策略。
| 归档时间: |
|
| 查看次数: |
6717 次 |
| 最近记录: |