2017-03-07 85 views
5

When running terraform I get the following error while creating a policy (MalformedPolicyDocument error via terraform):

* aws_iam_role_policy.rds_policy: Error putting IAM role policy my-rds-policy: MalformedPolicyDocument: The policy failed legacy parsing 

Here is the definition of my resource:

resource "aws_iam_role_policy" "rds_policy" { 
    name = "my-rds-policy" 
    role = "${aws_iam_role.rds_role.id}" 
    policy = <<EOF 
    { 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "s3:ListBucket", 
       "s3:GetBucketLocation" 
      ], 
      "Resource": [ 
       "arn:aws:s3:::my-bucket" 
      ] 
     }, 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "s3:GetObjectMetaData", 
       "s3:GetObject", 
       "s3:PutObject", 
       "s3:ListMultipartUploadParts", 
       "s3:AbortMultipartUpload" 
      ], 
      "Resource": [ 
       "arn:aws:s3:::my-bucket/backups/*" 
      ] 
     } 
    ] 
} 
EOF 
} 

The JSON policy document is valid, and I can't see anything wrong with it.

+2

Firstly, the opening brace after the EOF looks like it is indented when it shouldn't really be. What happens if you don't do that? The heredoc stuff can be pretty peculiar at times. – ydaetskcoR

+1

@ydaetskcoR wow, weirdly that worked. Post it as an answer and I'll mark it as the correct solution. –

Answers

6

You need to make sure there is no indentation at the start of your EOF heredoc, since your JSON policy should not begin with an indented brace.

So you should be fine with this simple change:

resource "aws_iam_role_policy" "rds_policy" { 
    name = "my-rds-policy" 
    role = "${aws_iam_role.rds_role.id}" 
    policy = <<EOF 
{ 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "s3:ListBucket", 
       "s3:GetBucketLocation" 
      ], 
      "Resource": [ 
       "arn:aws:s3:::my-bucket" 
      ] 
     }, 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "s3:GetObjectMetaData", 
       "s3:GetObject", 
       "s3:PutObject", 
       "s3:ListMultipartUploadParts", 
       "s3:AbortMultipartUpload" 
      ], 
      "Resource": [ 
       "arn:aws:s3:::my-bucket/backups/*" 
      ] 
     } 
    ] 
} 
EOF 
}
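A pre-apply check for exactly this failure, written as an added example (it is not code from the question or the answer): it pulls each `policy = <<EOF ... EOF` heredoc body out of HCL text and flags a document that does not start with `{`, then runs a few basic structure checks on the parsed JSON. The HCL sample is constructed from the question's resource; the regex and the function names are this example's own.

```python
import json
import re

# Constructed sample based on the question: the heredoc body starts on an
# indented "{", the form that IAM rejects with "The policy failed legacy parsing".
BROKEN_HCL = '''resource "aws_iam_role_policy" "rds_policy" {
    name = "my-rds-policy"
    policy = <<EOF
    {
    "Version": "2012-10-17",
    "Statement": [
     {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::my-bucket"]}
    ]
}
EOF
}
'''

# Same resource with the fix from the accepted answer: "{" in column one.
FIXED_HCL = BROKEN_HCL.replace("<<EOF\n    {", "<<EOF\n{")

# policy = <<MARKER (or <<-MARKER) ... MARKER on its own line
HEREDOC_RE = re.compile(r'policy\s*=\s*<<-?(\w+)\n(.*?)\n\1\s*$', re.S | re.M)

def heredoc_bodies(hcl: str) -> list:
    """Return the raw text of every policy heredoc found in the HCL."""
    return [m.group(2) for m in HEREDOC_RE.finditer(hcl)]

def lint_policy(doc: str) -> list:
    """Return the problems a pre-apply check should report for one policy body."""
    problems = []
    # IAM's parser expects the document itself to begin with "{"; an indented
    # heredoc line puts whitespace in front of it.
    if doc[:1] != "{":
        problems.append("document does not start with '{' (indented heredoc?)")
    try:
        policy = json.loads(doc)
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON: {exc.msg}"]
    if policy.get("Version") != "2012-10-17":
        problems.append("missing or unexpected Version")
    statements = policy.get("Statement")
    if not isinstance(statements, list):
        return problems + ["Statement must be a list"]
    for i, stmt in enumerate(statements):
        for key in ("Effect", "Action", "Resource"):
            if key not in stmt:
                problems.append(f"statement {i}: missing {key}")
    return problems

def lint_hcl(hcl: str) -> list:
    """Lint every policy heredoc in an HCL string; one problem list per policy."""
    return [lint_policy(body) for body in heredoc_bodies(hcl)]
```

Running `lint_hcl` over a module before `terraform apply` catches the indented-brace case locally instead of at the IAM API.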