通过 terraform 创建策略时出现 MalformedPolicyDocument 错误 [英] MalformedPolicyDocument error when creating policy via terraform
本文介绍了通过 terraform 创建策略时出现 MalformedPolicyDocument 错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
运行 terraform 时出现以下错误:
I am getting the following error when running terraform:
* aws_iam_role_policy.rds_policy: Error putting IAM role policy my-rds-policy: MalformedPolicyDocument: The policy failed legacy parsing
这是我对资源的定义:
resource "aws_iam_role_policy" "rds_policy" {
name = "my-rds-policy"
role = "${aws_iam_role.rds_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObjectMetaData",
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::my-bucket/backups/*"
]
}
]
}
EOF
}
JSON 政策文档格式正确,我看不到任何明显的内容.
The JSON policy doc is well formed, and I can't see anything obvious.
推荐答案
你需要确保你的 EOF 开头没有任何缩进 heredoc 因为您的 JSON 策略不应以缩进大括号开头.
You need to make sure that you don't have any indentation at the start of your EOF heredoc because your JSON policy should not start with an indented brace.
所以你应该接受这个小小的改变:
So you should be fine with this small change:
resource "aws_iam_role_policy" "rds_policy" {
name = "my-rds-policy"
role = "${aws_iam_role.rds_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my-bucket"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObjectMetaData",
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::my-bucket/backups/*"
]
}
]
}
EOF
}
这篇关于通过 terraform 创建策略时出现 MalformedPolicyDocument 错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
