SNS 策略文件中的本地或全局变量无法解析值
问题描述 投票:0回答:1
我正在使用 terraform 创建 SNS 队列。我也在创建自己的 SNS 策略文件
Terraform 代码:-
变量.tf
variable "awsAccId" {
default = "111222433"
}
variable "region" {
default = "ca-central-1"
}
locals.tf
sns_topic_name = "fail-notification"
fail_noti_topic_arn = "arn:aws:sns:${var.region}:${var.awsAccId}:${local.sns_topic_name }"
resource "aws_sns_topic" "fail-noti-topic" {
name = "${local.sns_topic_name }"
}
resource "aws_sns_topic_policy" "fail-noti-topic-policy" {
arn = aws_sns_topic.fail-noti-topic.arn
policy = file("policy/sns-policy.json")
}
resource "aws_sns_topic_subscription" "fail-noti-topic" {
...
...
}
内部策略(文件夹)-> sns-policy.json(文件)
{
"Version": "2012-10-17",
"Id": "${local.sns_topic_name }_policy_ID",
"Statement": [
{
"Sid": "${local.sns_topic_name}_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:AddPermission",
"SNS:Subscribe"
],
"Resource": "${local.fail_noti_topic_arn}",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "{var.awsAccId}"
}
}
}
]
}
我期望 json 中的变量能够解析,并且我会得到
locals.tfvariables.tf相反,访问策略如 AWS 控制台所示是
我尝试使用
policy = jsonencode(file("policy/sns-policy.json"))terraform applypolicyerror Attribute is not valid这个错误在规划阶段是不存在的。
我也尝试过类似的事情
resource "aws_sns_topic_policy" "fail-noti-topic-policy" {
arn = aws_sns_topic.fail-noti-topic.arn
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "${local.sns_topic_name }_policy_ID",
"Statement": [
{
"Sid": "${local.sns_topic_name}_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
......
POLICY
但是,这也不能解析变量及其相应的值。
我应该怎么做,解析策略 JSON 文件中的变量,以便获得它们的实际值,而不是变量本身?
1个回答
0
投票
投票
我通常做的是使用可用于创建策略的数据源,因为最容易获得正确的插值。在这种情况下,它看起来像下面这样:
data "aws_iam_policy_document" "sns_topic_policy" {
statement {
sid = "${local.sns_topic_name }_policy_ID"
effect = "Allow"
actions = [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:AddPermission",
"SNS:Subscribe"
]
condition {
test = "StringEquals"
variable = "aws:SourceOwner"
values = [
var.awsAccId
]
}
resources = [
local.fail_noti_topic_arn
]
principals {
type = "AWS"
identifiers = [
"*"
]
}
}
}
templatefilefileresource "aws_sns_topic_policy" "fail-noti-topic-policy" {
arn = aws_sns_topic.fail-noti-topic.arn
policy = templatefile("${path.root}/policy/sns-policy.json", {
id = "${local.sns_topic_name }_policy_ID"
sid = "${local.sns_topic_name}_statement_ID"
resource = local.fail_noti_topic_arn
account_id = var.awsAccId
})
}
为此,您还必须在模板化 JSON 文件中进行更改:
{
"Version": "2012-10-17",
"Id": "${id}",
"Statement": [
{
"Sid": "${sid}",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:AddPermission",
"SNS:Subscribe"
],
"Resource": "${resource}",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "${account_id}"
}
}
}
]
}
最新问题
- 如何在 PowerShell 中截断分隔符之后/之前的字符串中的文本
- 如何自定义两个变量的图例?
- 仅使用内核的符号名称作为字符串即可获取cuda内核的设备端函数指针(没有签名)
- 如何使用 Data Grid Mui 选择或取消选择表中的行
- 为什么在 Node.js 中向子进程 stdin 写入 CTRL+C 不会终止进程,而通过管道传输却会终止进程?
- Roblox Studio 动画无法播放
- 向 UDP $server->on() 回调函数传入额外参数
- FileField / ImageField 迁移不适用
- 如何在我的 google-services.json 和 firebase.json 文件中为我的 flutter/firebase API 密钥、应用程序 ID 等使用环境变量
- “BatchBlock”在非贪婪模式下无法正常工作
- Databricks Spark 在收集增量表时卡在 0 运行状态
- 如何使用着色器使我的砖墙看起来更真实并具有一些颜色变化?
- 元营销 API v20.0 - 将字段规范归咎于优化目标
- 如何显示多个点之间的路线图?
- flutter 应用程序在启动时就崩溃了
- 安装 cors-headers 后尝试运行服务器时出现 Django 错误
- 字符串文字的类型
- 打开不支持的压缩类型的zip文件会默默地返回空文件流,而不是抛出异常
- 如何从多个工作表的列表中创建唯一值的列表
- 同一 VPS 上前端和后端之间的连接问题
© www.soinside.com 2019 - 2024. All rights reserved.