作者:kg810219_447 | 来源:互联网 | 2023-10-12 13:25
Terraform Version
- Terraform v0.11.0
- provider.aws v1.5.0
Affected Resource(s)
Terraform confg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| hcl
resource "aws_ssm_parameter" "some_key" {
name = "/some/path"
type = "SecureString"
value = "${var.some_key}"
overwrite = true
}
resource "aws_iam_role_policy" "some_policy" {
...
{
"Effect": "Allow",
"Resource": [
"${aws_ssm_parameter.some_key.arn}",
],
"Action": [
"ssm:GetParameter*"
]
}
... |
ARN exported for this type of resource has a double slash (
) after the word
. I've tried creating a parameter without the leading slash but Terraform throws an AWS API error:
1
| aws_ssm_parameter.some_key: [ERROR] Error creating SSM parameter: ValidationException: Parameter name must be a fully qualified name. |
The double slash is a problem because when I include the ARN into a policy for an IAM role, I get "unauthorized" response from AWS. Permissions work once one of the slashes is manually removed.
Perhaps this is caused by the trailing slash after
in https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_ssm_parameter.go#L94
The obvious workaround is to manually construct the ARN or use
function.
该提问来源于开源项目:hashicorp/terraform-provider-aws
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
京公网安备 11010802041100号