我正在尝试创建一个曾经假定的角色,该角色应为AWS帐户之外的某些用户提供特定存储桶的访问
resource "aws_iam_role" "s3_role_access" {
name = "${var.s3_role_name}"
assume_role_policy = "${data.template_file.iam_policy_s3_assume.rendered}"
description = "Role providing access to ${var.s3_role_bucket_name}/${var.s3_role_bucket_path}"
}
resource "aws_iam_role_policy" "s3_role_access" {
name = "${var.s3_role_name}"
role = "${aws_iam_role.s3_role_access.id}"
policy = "${data.template_file.iam_policy_s3_permissions.rendered}"
}
我希望该计划成功,但我会得到以下内容:
错误:错误运行计划:发生1个错误: * module.xxx.aws_iam_role_policy.s3_role_access:发生1个错误: * module.xxx.aws_iam_role_policy.s3_role_access:资源'aws_iam_role.s3_role_access'找不到可变量的 'aws_iam_role.s3_role_access.id'
应如https://www.terraform.io/docs/providers/aws/r/r/r/r/r/r/r/r/r/r/r/iam_html#id
看来,策略中通过的JSON未正确渲染。
如果在创建AWS_IAM_ROLE.S3_ROLE_ACCESS期间存在错误,有时Terraform在创建AWS_IAM_ROLE_POLICY.S3_ROLE_ACCESS时,Terraform不正确显示上述错误。/p>
在这种情况下,您可以检查AWS_IAM_ROLE.S3_ROLE_ACCESS评论AWS_IAM_ROLE_POLICY资源用于测试。