我正试图使用此问题的答案生成的输出来生成IAM策略的arns列表:
data "aws_iam_policy_document" "test" {
statement {
effect = "Allow"
actions = [ "s3:*" ]
resources = [
for arn in local.s3_folder_arns: [
arn
]
]
}
}
我不断收到这样的错误:
Error: Missing item separator
│
│ on lambda.tf line 111, in data "aws_iam_policy_document" "test":
│ 111: resources = [
│ 112: for arn in local.s3_folder_arns: [
│ 114: arn
│ 115: ]
│ 116: ]
│ ├────────────────
│ │ local.s3_folder_arns is list of string with 9 elements
│
│ Inappropriate value for attribute "resources": element 0: string required.
即使输出变量确认它看起来像我想要的:
Changes to Outputs:
+ s3_folder_arns = [
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User2/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User3/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User4/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client1/User5/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client2/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner1/client3/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner2/client1/User1/output/*",
+ "arn:aws:s3:::<my bucket>/Partner3/client1/User1/output/*",
]
如果我将资源索引为arn[0],这是可行的,但这不是我想要的。我希望动态生成填充IAM策略的资源列表。
我做错了什么?
原来我使用了一对额外的方括号。更改
resources = [
for arn in local.s3_folder_arns: [
arn
]
]
至
resources = [
for arn in local.s3_folder_arns: arn
]
修复了问题。