我有一个 aws_iam_policy_document ,我试图连接到多个队列 . 政策文件如下:
data "aws_iam_policy_document" "my_policy" {
statement {
principals {
type = "*"
identifiers = ["*"]
}
actions = [
"sqs:SendMessage"
]
resources = [
"${aws_sqs_queue.q1.arn}",
"${aws_sqs_queue.q2.arn}",
"...",
"${aws_sqs_queue.q8.arn}"
]
condition {
test = "ArnEquals"
variable = "aws:SourceArn"
values = [
"${aws_sns_topic.sns_topic_name.arn}"
]
}
}
}
当我运行terraform计划时,它不会显示任何错误 . 无论运行terraform适用我得到: Policy is invalid. Reason: Each statement in the policy should have exactly one resource . 有没有办法可以为资源名称添加一个变量,该变量在被附加到所述队列时被队列名称替换?
这是我的队列和队列策略的样子:
resource "aws_sqs_queue" "queue_name" {
name = "queue_name_${var.environment}"
visibility_timeout_seconds = 30
message_retention_seconds = 345600
max_message_size = 262144
delay_seconds = 0
receive_wait_time_seconds = 0
}
resource "aws_sqs_queue_policy" "queue_name_policy" {
queue_url = "${aws_sqs_queue.queue_name.id}"
policy = "${data.aws_iam_policy_document.my_policy.json}"
}
1 回答
Terraform有一个使用count meta-parameter的循环迭代机制 .
我没有用过这么多,我现在无法真正测试下面的代码,所以有一个小的免责声明,我可能是错的,我认为这应该工作:
您可能必须使用lookup() function而不是方括号 - 不确定 .