科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>json - How to use iam_policy with condition as optional? - Stack Overflow

    json - How to use iam_policy with condition as optional? - Stack Overflow

    programmeradmin1浏览0评论

    I want to use the terraform resource aws_iam_policy with the policy key set to a complete policy configured in a var and use jsonencode on the value of the var.

    I have no issues doing this as long as I am not having the var configured so that the condition part is optional. If i have it set to optional the policy is still generated with a condition key but set to null.

    Example code

    ## var file
variable "policy" {
  type = list(object({
    policy_name = string
    policy_doc = list(objecy({
      Effect = string
      ...
      Condition = optional(map(map(string)))    
    })
  })
}

## Config file
{
  "policy": [
    {
      "policy_name": "somename"
      "policy_doc": [
        {
          ...policy statement with condition...
        },
        {
          ...policy statement without condition...
        }
      ]
    }
  ]
}

## TF file
resource "aws_iam_policy" "my_policy" {
  for_each = {
    for policy in var.policy :
    policy.policy_name => policy.policy_doc
  }
  policy = jsonencode({
    Version = "2017..."
    Statement = each.value
  })
}

    As mentioned this generate the condition key on both statements, is where away to get it to work so it only generate it for the one configured with it and using aws_iam_policy resource?

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论