AWS iam terraform中的角色ID与角色名称，什么时候使用? [英] aws iam role id vs role name in terraform, when to use which?

问题描述

在terraform的官方网站上，他们有这样的示例( https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy ):

In terraform's official site, they have an example like this (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy):

resource "aws_iam_role_policy" "test_policy" {
  name = "test_policy"
  role = aws_iam_role.test_role.id

  # Terraform's "jsonencode" function converts a
  # Terraform expression result to valid JSON syntax.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "ec2:Describe*",
        ]
        Effect   = "Allow"
        Resource = "*"
      },
    ]
  })
}

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

他们通过在策略中设置角色ID将策略附加到角色上，即:

where they attach a policy to a role by setting the role id in the policy, namely:

role = aws_iam_role.test_role.id

但是在我们的一个团队项目中，以这种方式设置对我来说不起作用，我不断出错(请在此处查看详细信息

But setting it this way didn't work for me in one of our team projects, I kept on getting errors (see details here Task role defined by Terraform not working correctly for ECS scheduled task). Eventually, I realized that I had to set it using role name like this in my policy:

role = aws_iam_role.my_role.name

但是我确实在其他团队项目中看到我的同事正在使用角色ID的实例.我想知道在Terraform上下文中id和name之间的区别以及何时使用它们.

But I do see instances in our other team projects where my coworkers are using role id. I wonder what are the differences between id and name in the context of terraform and when to use which.

推荐答案

正如已经指出的， id 和 name 没有区别>.您可以通过简单地输出角色来检查它:

As already pointed out, there is no difference between id and name. You can check it by simply outputting your role:

output "test" {
  value = aws_iam_role.test_role
}

表示 id 和 name 均设置为 test_role :

test = {
  "arn" = "arn:aws:iam::xxxxxx:role/test_role"
  "assume_role_policy" = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}"
  "create_date" = "2021-02-14T01:25:48Z"
  "description" = ""
  "force_detach_policies" = false
  "id" = "test_role"
  "max_session_duration" = 3600
  "name" = "test_role"
  "name_prefix" = tostring(null)
  "path" = "/"
  "permissions_boundary" = tostring(null)
  "tags" = tomap({})
  "unique_id" = "AROASZHPM3IXXHCEBQ6OD"
}

这篇关于AWS iam terraform中的角色ID与角色名称，什么时候使用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！