2

我想知道是否有一种简单的方法可以添加多个 json 文件策略

mypolicy1.json、mypolicy2.json、mypolicy3.json

到目前为止,这是我的代码.. 适用于一项政策

variable "iam_policy_path" {
  default = "./mypolicy.json"  
}

resource "aws_iam_role_policy" "role" {
  name   = var.name
  role   = var.role
  policy = file(var.iam_policy_path)
}


module "aws_iam_role_policy" {
   source = "../modules/mypolicypolicy/"
   name = "mypolicy"
   role = module.myrole.myroleout
   iam_policy_path = "new_policy_path.json"
}
4

1 回答 1

2

一种方法是使用for_each并让您iam_policy_path成为路径列表。

例如:

variable "iam_policy_path" {
  default = ["./mypolicy.json", "./mypolicy2.json"]  
}

resource "aws_iam_role_policy" "role" {
  
  for_each = toset(var.iam_policy_path) # for each requires set. 
 
  name   = var.name
  role   = var.role

  policy = file(each.key)
}

然后在使用模块时:

module "aws_iam_role_policy" {
   source = "../modules/mypolicypolicy/"
   name = "mypolicy"
   role = module.myrole.myroleout
   iam_policy_path = ["new_policy_path.json", "new_policy_path2.json"]
}

基于额外的信息。完整的解决方案可能还需要使用将托管策略附加到角色的aws_iam_role_policy_attachment 。

于 2020-08-03T00:10:19.773 回答