What is wrong with the following Terraform AWS role policy?


data "aws_instances" "emr_cluster_ec2s" {
  filter {
    name   = "key-name"
    values = ["linkedin-learning-emr-key"]
  }
}

data "aws_iam_role" "emr_instance_role" {
  name = "AmazonEMR-InstanceProfile-20230407T155038"
}

resource "aws_iam_role_policy" "emr_ec2_connect" {
  name = "ec2-connect"
  role = "${data.aws_iam_role.emr_instance_role.id}"
  policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "ec2-instance-connect:SendSSHPublicKey"
        ],
        "Effect": "Allow",
        "Resource": ${jsonencode(data.aws_instances.emr_cluster_ec2s.ids)}
      },
      {
        "Action": [
          "ec2:DescribeInstances"
        ],
        "Effect": "Allow",
        "Resource": "*"
      }
    }
  }
  EOF
}

When I apply the AWS role policy assignment above, I get the following error:

Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: "policy" contains an invalid JSON policy
│
│   with aws_iam_role_policy.emr_ec2_connect,
│   on ec2-connect.tf line 44, in resource "aws_iam_role_policy" "emr_ec2_connect":
│   44:   policy = <<EOF
│   45:   {
│   46:     "Version": "2012-10-17",
│   47:     "Statement": [
│   48:       {
│   49:         "Action": [
│   50:           "ec2-instance-connect:SendSSHPublicKey"
│   51:         ],
│   52:         "Effect": "Allow",
│   53:         "Resource": ${jsonencode(data.aws_instances.emr_cluster_ec2s.ids)}
│   54:       },
│   55:       {
│   56:         "Action": [
│   57:           "ec2:DescribeInstances"
│   58:         ],
│   59:         "Effect": "Allow",
│   60:         "Resource": "*"
│   61:       }
│   62:     }
│   63:   }
│   64:   EOF

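I tried searching online and in the documentation, but I couldn't find anything useful. Please provide some insight if you are familiar with this. According to the documentation, jsonencode(data.aws_instances.emr_cluster_ec2s.ids) produces a tuple like [X1,X2,X3], which is exactly what I want to accomplish.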

Version 2023-04-08 is invalid. It should be 2012-10-17. There is also incorrect indentation and a missing ]. So it should be:

resource "aws_iam_role_policy" "emr_ec2_connect" {
  name = "ec2-connect"
  role = "${data.aws_iam_role.emr_instance_role.id}"
  policy = <<EOF
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "ec2-instance-connect:SendSSHPublicKey"
        ],
        "Effect": "Allow",
        "Resource": ${jsonencode(data.aws_instances.emr_cluster_ec2s.ids)}
      },
      {
        "Action": [
          "ec2:DescribeInstances"
        ],
        "Effect": "Allow",
        "Resource": "*"
      }
    ]
  }
  EOF
}
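
An added example, not part of the original question or answer: the same policy built with jsonencode() over an HCL object, so a stray `}` in place of `]` is caught as an HCL syntax error instead of producing an invalid JSON string. It goes one step beyond the post by passing instance ARNs rather than bare instance IDs, because IAM accepts only ARNs or "*" in Resource; the `data.aws_instance.emr_node` lookup and `local.emr_instance_arns` are names introduced here as assumptions.

```hcl
# Added example; not code from the original question or answer.
data "aws_instances" "emr_cluster_ec2s" {
  filter {
    name   = "key-name"
    values = ["linkedin-learning-emr-key"]
  }
}

# Assumption (not in the post): look up each matched instance to read its ARN.
data "aws_instance" "emr_node" {
  for_each    = toset(data.aws_instances.emr_cluster_ec2s.ids)
  instance_id = each.value
}

data "aws_iam_role" "emr_instance_role" {
  name = "AmazonEMR-InstanceProfile-20230407T155038"
}

locals {
  # Hypothetical local name: one ARN per instance found by the key-name filter.
  emr_instance_arns = [for node in data.aws_instance.emr_node : node.arn]
}

resource "aws_iam_role_policy" "emr_ec2_connect" {
  name = "ec2-connect"
  role = data.aws_iam_role.emr_instance_role.id

  # jsonencode() serializes the whole object, so the JSON brackets and braces
  # are generated by Terraform and cannot be mismatched by hand.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["ec2-instance-connect:SendSSHPublicKey"]
        Resource = local.emr_instance_arns # scoped to the cluster's instances only
      },
      {
        Effect   = "Allow"
        Action   = ["ec2:DescribeInstances"]
        Resource = "*"
      },
    ]
  })
}
```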
