Terraform：创建IAM角色时出错。 MalformedPolicyDocument：已禁止野外资源

我的TF代码是给我的错误：Terraform：创建IAM角色时出错。 MalformedPolicyDocument：已禁止野外资源

/* 
    * Policy: AmazonEC2ReadOnlyAccess 
    */ 
    assume_role_policy = <<EOF 
{ 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Effect": "Allow", 
      "Action": "ec2:Describe*", 
      "Resource": "*" 
     }, 
     { 
      "Effect": "Allow", 
      "Action": "elasticloadbalancing:Describe*", 
      "Resource": "*" 
     }, 
     { 
      "Effect": "Allow", 
      "Action": [ 
       "cloudwatch:ListMetrics", 
       "cloudwatch:GetMetricStatistics", 
       "cloudwatch:Describe*" 
      ], 
      "Resource": "*" 
     }, 
     { 
      "Effect": "Allow", 
      "Action": "autoscaling:Describe*", 
      "Resource": "*" 
     } 
    ] 
} 
EOF

我复制并从https://console.aws.amazon.com/iam/home?region=us-west-2#/policies/arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess $ jsonEditor

* aws_iam_role.<role name>: Error creating IAM Role <role name>: MalformedPolicyDocument: Has prohibited field Resource 
status code: 400, request id: <request id>

不知道为什么它说资源被禁止粘贴的政策。

来源

2017-06-15 Snowcrash

https://stackoverflow.com/questions/34188013/aws-create-role-has-prohibited-field – Gangaraju

您需要提及sts:AssumeRole。您可以使用aws_iam_role_policy_attachment直接附加策略，而不是复制现有策略。

resource "aws_iam_role" "ec2_iam_role" { 
    name = "ec2_iam_role" 
    assume_role_policy = <<EOF 
{ 
    "Version": "2012-10-17", 
    "Statement": [ 
    { 
     "Sid": "", 
     "Effect": "Allow", 
     "Principal": { 
     "Service": [ 
      "ec2.amazonaws.com" 
     ] 
     }, 
     "Action": "sts:AssumeRole" 
    } 
    ] 
} 
EOF 
} 

resource "aws_iam_role_policy_attachment" "ec2-read-only-policy-attachment" { 
    role = "${aws_iam_role.ec2_iam_role.name}" 
    policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess" 
}

来源

2017-06-16 05:45:26 Gangaraju

Terraform：创建IAM角色时出错。 MalformedPolicyDocument：已禁止野外资源

回答

相关问题