運行 terraform apply 時出現以下錯誤:模板插值無效 var.oidc_condition_statement 是包含 2 個元素的字串串列不能在字串模板中包含給定值:需要字串。
resource "aws_iam_role" "Orchestration_role"{
name = var.orchestration_role_name
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
},
"Condition":{
"ForAnyValue:StringLike":{
"token.actions.githubusercontent.com:sub": "${var.oidc_condition_statement}"
}
}
}
]
}
EOF
}
variable.tf
variable "oidc_condition_statement"{
type = list(string)
}
tfvars
oidc_condition_statement = ["repo:organization/terraform-aws-githubaction:ref:refs/heads/staging","repo:organization/terraform-aws-githubaction:pull_request"]
uj5u.com熱心網友回復:
請使用jsonencode:
resource "aws_iam_role" "Orchestration_role"{
name = var.orchestration_role_name
assume_role_policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sts:AssumeRoleWithWebIdentity",
"Principal":{
"Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
},
"Condition":{
"ForAnyValue:StringLike":{
"token.actions.githubusercontent.com:sub": ${jsonencode(var.oidc_condition_statement)}
}
}
}
]
}
EOF
}
轉載請註明出處,本文鏈接:https://www.uj5u.com/yidong/380790.html
標籤:亚马逊网络服务 地形 亚马逊 terraform-provider-aws
上一篇:如何有條件地創建S3存盤桶