Is it possible to iterate over principals -> identifiers in Data Source: aws_iam_policy_document?

Terraform version: v0.11.15

    data "aws_iam_policy_document" "kms_cmk_policy_document" {
      statement {
        sid = "Allow access for Key Administrators"

        actions = [
          "kms:Create*",
          "kms:Describe*",
          "kms:Enable*",
          "kms:List*",
          "kms:Put*",
          "kms:Update*",
          "kms:Revoke*",
          "kms:Disable*",
          "kms:Get*",
          "kms:Delete*",
          "kms:TagResource",
          "kms:UntagResource",
          "kms:ScheduleKeyDeletion",
          "kms:CancelKeyDeletion",
        ]

        resources = ["*"]
        effect    = "Allow"

        principals {
          type = "AWS"

          # <--- NEED TO ITERATE WITH GIVEN "var.env_names" LIST
          identifiers = ["arn:aws:iam::accountName:role/${var.env_name}-role"]
        }
      }
    }

Yes, you can iterate:

    identifiers = [for env_name in var.env_name: "arn:aws:iam::accountName:role/${env_name}-role"]

For TF 0.11:

    identifiers = "${formatlist("arn:aws:iam::accountName:role/%s-role", var.env_name)}"
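
The for-expression form from the answer, placed in a complete policy document; this is an added example, not part of the original question or answer. It assumes Terraform 0.13 or later (for variable validation), a list variable named `env_names` with constructed sample values, and a hypothetical local `key_admin_arns`. The validation block goes beyond the answer: it rejects list entries that would change the shape of the principal ARN once interpolated.

```hcl
# Added example. "accountName" is the placeholder used in the question.
variable "env_names" {
  type        = list(string)
  description = "Environments whose <env>-role may administer the key"
  default     = ["dev", "staging"] # constructed sample values

  validation {
    # Collect every entry that is not a plain lowercase name; the list must be empty.
    # This keeps "*", "/", ":" and whitespace out of the generated ARNs.
    condition     = length([for n in var.env_names : n if !can(regex("^[a-z0-9-]+$", n))]) == 0
    error_message = "Each env name must match ^[a-z0-9-]+$ so it cannot alter the principal ARN."
  }
}

locals {
  # One role ARN per environment (hypothetical local name).
  key_admin_arns = [for n in var.env_names : "arn:aws:iam::accountName:role/${n}-role"]
}

data "aws_iam_policy_document" "kms_cmk_policy_document" {
  statement {
    sid       = "Allow access for Key Administrators"
    effect    = "Allow"
    resources = ["*"]

    actions = [
      "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
      "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*",
      "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource",
      "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion",
    ]

    principals {
      type        = "AWS"
      identifiers = local.key_admin_arns
    }
  }
}

# Review the exact principals in `terraform plan` before the policy is applied.
output "key_admin_arns" {
  value = local.key_admin_arns
}
```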