json 文件中的地形变化不会得到更新

Question

我有一个创建 sns 及其策略的 AWS SNS 模块

resource "aws_sns_topic" "topic" {
  name                                  = var.name
  display_name                          = var.name
  content_based_deduplication           = var.sns_content_based_deduplication
  fifo_topic                            = var.fifo_topic
  firehose_success_feedback_sample_rate = var.firehose_success_rate
  http_success_feedback_sample_rate     = var.http_success_rate
  lambda_success_feedback_sample_rate   = var.lambda_success_rate
  sqs_success_feedback_sample_rate      = var.sqs_success_rate
}
resource "aws_sns_topic_policy" "topic_policy" {
  arn = aws_sns_topic.topic.arn
  policy = templatefile("./sns_topic_policy.json", {})
  depends_on = [aws_sns_topic.topic]
}

和一个json文件在同一个目录

sns_topic_policy.json

{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
    {
    "Effect": "Allow",
    "Principal": {
        "AWS": "*"
    },
    "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
    ],
    "Resource": "*",
    "Condition": {
        "StringEquals": {
        "AWS:SourceOwner": "*"
        }
    }
]
}

我确实申请了一切。现在我想更新 json 文件中的策略

{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
    {
    "Effect": "Allow",
    "Principal": {
        "AWS": "*"
    },
    "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
    ],
    "Resource": "*",
    "Condition": {
        "StringEquals": {
        "AWS:SourceOwner": "*"
        }
    },
{
    "Sid": "Example SNS topic policy",
    "Effect": "Allow",
    "Principal": {
        "Service": "s3.amazonaws.com"
    },
    "Action": "SNS:Publish",
    "Resource": *,
    "Condition": {
        "StringEquals": {
        "aws:SourceAccount": *
        },
        "ArnLike": {
        "aws:SourceArn": "*"
        }
    }
]
}

但是当我运行

plan

时，它说没有任何改变。任何人遇到同样的问题，你的解决方案是什么？假设继续使用 json 文件作为策略（为了保持

main.tf

更干净一点）

提前致谢

Answer 1

尝试使用此 AWS link 生成您的策略。我在 Terraform 中将此工具用于我的政策，我从来没有遇到过问题。

Answer 2

作为解决方法，您可以将 var 添加到模板文件函数，并在策略中引用它。然后，每次编辑策略时增加该值。这将触发更新。

main.tf

resource "aws_sns_topic_policy" "topic_policy" {
  arn = aws_sns_topic.topic.arn
  policy = templatefile("./sns_topic_policy.json", { version = 1 })
  depends_on = [aws_sns_topic.topic]
}

sns_topic_policy.json

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "SnsPolicy${version}"
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "*"
        }
      }
    }
  ]
}

更好的方法是将版本作为变量传递：

resource "aws_sns_topic_policy" "topic_policy" {
  arn = aws_sns_topic.topic.arn
  policy = templatefile("./sns_topic_policy.json", { version = var.policy_version })
  depends_on = [aws_sns_topic.topic]
}

json 文件中的地形变化不会得到更新

问题描述投票：0回答：2

2个回答

最新问题

json 文件中的地形变化不会得到更新

问题描述 投票：0回答：2

2个回答

最新问题

问题描述投票：0回答：2