I am trying to create similar policies for different S3 buckets.
iam.tf
data "aws_iam_policy_document" "allow_rw_access_s3_bucket" {
  for_each = local.s3_buckets
  statement {
    sid     = "AllowListDapBucket"
    effect  = "Allow"
    actions = [
      "s3:ListBucket"
    ]
    resources = [format("arn:aws:s3:::%s-%s", each.value.name, var.env)]
  }
  statement {
    sid     = "AllowPutData"
    effect  = "Allow"
    actions = [
      "s3:PutObject",
    ]
    resources = [
      "arn:aws:s3:::${format("%s-%s", each.value.name, var.env)}",
      "arn:aws:s3:::${format("%s-%s", each.value.name, var.env)}/*"
    ]
  }
}

resource "aws_iam_policy" "allow-s3-role" {
  for_each = local.s3_buckets
  name     = format("allow-s3-%s-%s", each.value.name, var.env)
  policy   = data.aws_iam_policy_document.allow_rw_access_s3_bucket.json
}
locals.tf
locals {
  s3_buckets = {
    school-dap = {
      name      = "school-dap"
      tags_name = "school_dap"
    }
    argo-artifact = {
      name      = "argo-artifact"
      tags_name = "argo_artifact"
    }
  }
}
When written this way, the following error is produced.
╷
│ Error: Missing resource instance key
│
│   on iam.tf line 27, in resource "aws_iam_policy" "allow-s3-role":
│   27:   policy = data.aws_iam_policy_document.allow_rw_access_s3_bucket.json
│
│ Because data.aws_iam_policy_document.allow_rw_access_s3_bucket has
│ "for_each" set, its attributes must be accessed on specific instances.
│
│ For example, to correlate with indices of a referring resource, use:
│     data.aws_iam_policy_document.allow_rw_access_s3_bucket[each.key]
╵
I understand that this error means Terraform cannot tell which aws_iam_policy_document instance to use in the following part of iam.tf, but how should I change it?
resource "aws_iam_policy" "allow-s3-role" {
  for_each = local.s3_buckets
  name     = format("allow-s3-%s-%s", each.value.name, var.env)
  policy   = data.aws_iam_policy_document.allow_rw_access_s3_bucket.json
}
Following the error message, I also tried
policy = data.aws_iam_policy_document.allow_rw_access_s3_bucket[each.key]
but got a similar error.
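As an added example (not code from the question), here is the same configuration rewritten so that each aws_iam_policy instance reads the policy document instance that shares its key: the `[each.key]` index suggested by the error must be followed by `.json`, because `policy` expects the rendered JSON string, not the data source object. The `env` variable declaration is assumed, and the PutObject grant is narrowed to object ARNs since that action never matches a bare bucket ARN.

```hcl
# Added example: one policy document and one IAM policy per entry in
# local.s3_buckets, both keyed by the same map key.
locals {
  s3_buckets = {
    school-dap    = { name = "school-dap", tags_name = "school_dap" }
    argo-artifact = { name = "argo-artifact", tags_name = "argo_artifact" }
  }
}

# Assumed declaration; the question references var.env without showing it.
variable "env" {
  type = string
}

data "aws_iam_policy_document" "allow_rw_access_s3_bucket" {
  for_each = local.s3_buckets

  # s3:ListBucket is a bucket-level action: only the bucket ARN is needed.
  statement {
    sid       = "AllowListBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${each.value.name}-${var.env}"]
  }

  # s3:PutObject is an object-level action: listing the bucket ARN itself
  # grants nothing extra, so scope the statement to objects only.
  statement {
    sid       = "AllowPutData"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::${each.value.name}-${var.env}/*"]
  }
}

resource "aws_iam_policy" "allow-s3-role" {
  for_each = local.s3_buckets

  name = "allow-s3-${each.value.name}-${var.env}"
  # The data source uses the same for_each map, so each.key selects the
  # matching instance; .json renders that instance to the policy string.
  policy = data.aws_iam_policy_document.allow_rw_access_s3_bucket[each.key].json
}
```

Run `terraform validate` after the change: it checks the instance reference and the `policy` type without contacting AWS.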