我有一个json文件bucketPolicy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:DeleteBucket"
],
"Effect": "Deny",
"Resource": "arn:aws:s3:::$${aws_s3_bucket.destination.id}",
"Principal": {
"AWS": ["*"]
}
}
]
}
我创建了一个template_file作为
data "template_file" "test" {
template = file("./templates/destinationBucketPolicy.json")
vars = {
(aws_s3_bucket.destination.id) = var.destination_bucket_name
}
}
但当我尝试将其用于我的桶策略时
resource "aws_s3_bucket_policy" "destination" {
bucket = aws_s3_bucket.destination.id
policy = data.template_file.test.rendered
}
var.destination_bucket_name的值没有扩展到策略中,而是实际显示为"Resource": "arn:aws:s3:::${aws_s3_bucket.destination.id}"
有没有一种方法可以让它展开,从而获得变量的实际值?
现在最好使用templatefile:
locals {
test = templatefile("${path.module}/destinationBucketPolicy.json",
{
bucket_name = var.destination_bucket_name
})
}
模板为:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:DeleteBucket"
],
"Effect": "Deny",
"Resource": "arn:aws:s3:::${bucket_name}",
"Principal": {
"AWS": ["*"]
}
}
]
}