我试图创建一个可选的iam策略,但我一直得到类型不匹配的错误,我试过包装它在尝试的,但它从来没有成功过,有人有任何想法吗?
ssm_readonly_policies = can(coalescelist(local.ssm_parameters)) ? [
{
Sid = "ReadOnlyParametersSSM"
Effect = "Allow"
Action = [
"ssm:GetParameter*"
]
Resource = flatten([for param in local.ssm_parameters : join(":", [
"arn:aws:ssm", param["region"], param["account"], join("/", ["parameter", param["name"]])
])])
},
{
Sid = "ListOnlyParametersSSM"
Effect = "Allow"
Action = "ssm:DescribeParameters"
Resource = "*"
}
] : []
local的格式。ssm_parameters是
ssm_parameters = [
{
name = "blah"
region = "blah"
account = "blah"
}
]
我通过在try中添加coaleselist来避免if语句来解决这个问题所以如果它为空,它将无法创建空列表
ssm_readonly_policies = try([
{
Sid = "ReadOnlyParametersSSM"
Effect = "Allow"
Action = [
"ssm:GetParameter*"
]
Resource = flatten([for param in coalescelist(local.ssm_parameters) : join(":", [
"arn:aws:ssm", param["region"], param["account"], join("/", ["parameter", param["name"]])
])])
},
{
Sid = "ListOnlyParametersSSM"
Effect = "Allow"
Action = "ssm:DescribeParameters"
Resource = "*"
}
], [])