我正在尝试使用 Terraform 创建 IAM 角色和 IAM 策略。
\n我收到此错误:
\n\xe2\x94\x82 Error: error creating IAM Role (asg-domain-join-policy): MalformedPolicyDocument: Has prohibited field Resource\n \n status code: 400, request id: 53fa1ae0-f22f-4f2e-8aa6-1947421eae9b\n\n with aws_iam_role.ad_join_role,\n on iam.tf line 30, in resource "aws_iam_role" "ad_join_role":\n 30: resource "aws_iam_role" "ad_join_role" {\n我当前的 IAM 角色代码如下:
\nresource "aws_iam_role" "ad_join_role" {\n name = "asg-domain-join-policy"\n assume_role_policy = data.aws_iam_policy_document.asg_domain_join_policy.json\n permissions_boundary = "arn:aws:iam::${var.account_id}:policy/****"\n}\nIAM 策略的代码如下:
\ndata "aws_iam_policy_document" "asg_domain_join_policy" {\n statement {\n actions = [\n "ssm:DescribeAssociation",\n "ssm:GetDocument",\n "ssm:ListAssociations",\n "ssm:UpdateAssociationStatus",\n "ssm:UpdateInstanceInformation",\n …我正在构建一个 Cloudwatch 触发器,以在工作周(周一至周五)的 9 点至 17 点(上午 9 点至下午 5 点)之间每小时触发一次
Terraform 向我抛出此错误:
ValidationException: Parameter ScheduleExpression is not valid.
这是我的时间表表达式:schedule_expression = "cron(0 9-17 * * MON-FRI *)"
有谁知道为什么无效?