我正在创建数据资源以创建允许用户访问rds的策略文档,但是我仍然在如何使用格式来传递account_id和rds的resource_id上苦苦挣扎,
代码:
data "aws_iam_policy_document" "iam_authentication_doc" {
depends_on = [aws_db_instance.name]
statement {
effect = "Allow"
actions = [
"rds-db:connect"
]
resources = flatten([format("arn:aws:rds-db:us-east-1:${var.account_id}:dbuser:${aws_db_instance.name.resource_id}/%s", var.usernames)])
}
}
错误:
resources = flatten([format("arn:aws:rds-db:us-east-1:${var.account_id}:dbuser:${aws_db_instance.pgauth.resource_id}/%s", var.usernames)])
|----------------
| aws_db_instance.pgauth.resource_id is "db-xxxxxxxxxxxxxxxx"
| var.account_id is 8.12345678901+11
| var.usernames is list of string with 12 elements
Call to function "format" failed: unsupported value for "%s" at 75: string
required.
我尝试通过]
[formatlist("arn:aws:rds-db:us-east-1:%s:dbuser:%s/%s", var.account_id, aws_db_instance.pgauth.resource_id, var.amp_usernames)]
出现错误
22: resources = [formatlist("arn:aws:rds-db:us-east-1:%s:dbuser:%s/%s", var.account_id, aws_db_instance.name.resource_id, var.usernames)] |---------------- | aws_db_instance.name.resource_id is "db-xxxxxxxxxxxxxxx" | var.account_id is "123456789012" | var.usernames is list of string with 12 elements Inappropriate value for attribute "resources": element 0: string required.我想要类似的资源
arn:aws:rds-db:us-east1:1234567890:dbuser:db-xxxxxxxxxxxxxx/foo,
arn:aws:rds-db:us-east1:1234567890:dbuser:db-xxxxxxxxxxxxxx/bar,
arn:aws:rds-db:us-east1:1234567890:dbuser:db-xxxxxxxxxxxxxx/tim
我正在创建数据资源以创建允许用户访问rds的策略文档,但是我仍然在如何使用格式来传递account_id和rds的resource_id上感到困惑,代码:data“ ...
[format的第一个示例不起作用,因为format期望其所有参数均为单个值,并且产生单个值。
for