I am trying to concatenate a declared variable inside a Terraform data reference to build a dynamic call.
I have the following code:
# Policy 1
data "aws_iam_policy_document" "1_s3_access_policy" {
  statement {
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:DeleteObject",
    ]
    resources = [
      "arn:aws:s3:::1_s3_access_policy/*",
      "arn:aws:s3:::1_s3_access_policy",
    ]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::67435677645:user/d2c-user-us-west-1"]
    }
  }
}
# policy 2
data "aws_iam_policy_document" "2_s3_access_policy" {
  statement {
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:PutObject",
      "s3:DeleteObject",
    ]
    resources = [
      "arn:aws:s3:::2_s3_access_policy/*",
      "arn:aws:s3:::2_s3_access_policy",
    ]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::67435677645:user/d2c-user-us-west-1"]
    }
  }
}
# Policy 3
...
variable "s3_bucket_names" {
  type    = list(any)
  default = ["1_s3_access_policy", "2_s3_access_policy", "3_s3_access_policy"]
}
module "platform-cloud" {
  source              = "./module"
  count               = length(var.s3_bucket_names) // count will be 3
  bucket_name         = var.s3_bucket_names[count.index]
  sse_algorithm       = "aws:kms"
  iam_policy_document = data.aws_iam_policy_document.${var.s3_bucket_names[count.index]}.json
}
It fails with this error:
Error: Invalid character
on main.tf line 10, in module "platform-cloud":
iam_policy_document = data.aws_iam_policy_document.${var.s3_bucket_names[count.index]}.json
This character is not used within the language.
Is there a way to concatenate a variable inside a Terraform data reference?
Reply from a uj5u.com community member:
Normally you would do it like this:
iam_policy_document = data.aws_iam_policy_document[var.s3_bucket_names[count.index]].json
The exact details will depend on how data.aws_iam_policy_document is defined, but unfortunately your question does not include that information.
Reply from a uj5u.com community member:
Terraform cannot look up resources dynamically the way you are attempting, because that would mean the resource dependencies are not determined until evaluation time, whereas Terraform needs to know the correct dependency order before it evaluates any expression.
However, you can meet the use case of selecting resources dynamically with an extra step: create a map with keys, and then use those keys to select each resource:
locals {
  # The map keys must match the strings in var.s3_bucket_names exactly,
  # because the module block below indexes this map with those values.
  # The values are the question's aws_iam_policy_document data sources
  # (which expose the rendered policy as .json), under their new names.
  bucket_policies = {
    s3_access_policy_1 = data.aws_iam_policy_document.s3_access_policy_1
    s3_access_policy_2 = data.aws_iam_policy_document.s3_access_policy_2
    s3_access_policy_3 = data.aws_iam_policy_document.s3_access_policy_3
  }
}
module "platform-cloud" {
  source              = "./module"
  count               = length(var.s3_bucket_names) // count will be 3
  bucket_name         = var.s3_bucket_names[count.index]
  sse_algorithm       = "aws:kms"
  iam_policy_document = local.bucket_policies[var.s3_bucket_names[count.index]].json
}
I have changed the names of your data resources to something like s3_access_policy_1 instead of 1_s3_access_policy, because Terraform does not allow resource names to start with a digit. Terraform has not reported that error yet because you have a syntax error, but fixing the syntax error would expose the naming error.
Note that module.platform-cloud's iam_policy_document now refers to the whole of local.bucket_policies, which in turn depends on all three data resources. Terraform therefore understands that it must evaluate all three data resources before evaluating that module argument, which yields the correct evaluation order.
Although not directly related to your question, I suggest reading about when to use for_each instead of count, to decide whether for_each would be a better choice than count in your module "platform-cloud" block.
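The for_each variant that the second answer points to, written out as an added example (not the answerer's own code): the `./module` source and the three module inputs come from the question; the renamed data sources, the map keys and the account/user ARN are assumed to follow the question's values.

```hcl
# Data source names must start with a letter or underscore, so the
# question's "1_s3_access_policy" becomes "s3_access_policy_1" (assumed).
data "aws_iam_policy_document" "s3_access_policy_1" {
  statement {
    effect  = "Allow"
    actions = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = [
      "arn:aws:s3:::s3_access_policy_1",
      "arn:aws:s3:::s3_access_policy_1/*",
    ]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::67435677645:user/d2c-user-us-west-1"]
    }
  }
}
# s3_access_policy_2 and s3_access_policy_3 are declared the same way.

# A static map is the dependency anchor: module.platform-cloud depends on
# every data source listed here, so the evaluation order is fixed at plan
# time without any dynamic resource-address lookup.
locals {
  bucket_policies = {
    s3_access_policy_1 = data.aws_iam_policy_document.s3_access_policy_1
    s3_access_policy_2 = data.aws_iam_policy_document.s3_access_policy_2
    s3_access_policy_3 = data.aws_iam_policy_document.s3_access_policy_3
  }
}

module "platform-cloud" {
  source = "./module"

  # One instance per map key, addressed as
  # module.platform-cloud["s3_access_policy_1"] and so on. Removing one key
  # later only destroys that instance, whereas with count every instance
  # after the removed index would be shifted and recreated.
  for_each = local.bucket_policies

  bucket_name         = each.key
  sse_algorithm       = "aws:kms"
  iam_policy_document = each.value.json
}
```

Because the map itself drives the instances, the separate var.s3_bucket_names list is no longer needed to keep the bucket names and the policy keys in sync.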
Please credit the source when reposting; original link: https://www.uj5u.com/qukuanlian/319059.html
Tags: amazon-web-services terraform terraform-provider-aws
