Update: iam_policy_document: Error: InvalidParameter: Invalid parameter: Policy Error: null status code: 400, request id

Problem description

So I am trying to migrate a non-modular Terraform setup to one made up of modules. I ran into this error. I know this is not a Terraform-specific error, but I am using Terraform.

The overall structure of all the modules needed to achieve this consists of

% ls

caller_identity     event_rule  event_target    iam_policy_document sns_topic_policy

In caller_identity:

ls
main.tf     output.tf   variable.tf

In event_rule:

main.tf     output.tf   variable.tf

In event_target:

main.tf     variable.tf  (I did not seem to need an output to be used somewhere else.)

In iam_policy_document:

% ls
main.tf     output.tf   variable.tf


data "aws_iam_policy_document" "this" {
  statement {
    actions = [
      "SNS:GetTopicAttributes",
      "SNS:SetTopicAttributes",
      "SNS:AddPermission",
      "SNS:RemovePermission",
      "SNS:Deletetopic",
      "SNS:Subscribe",
      "SNS:ListSubscriptionsByTopic",
      "SNS:Publish",
      "SNS:Receive"
    ]

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"

      values = [
        var.account
      ]
    }

    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    resources = [
      var.arn
    ]

    sid = "__default_statement_ID"
  }

  statement {
    actions = [
      "sns:Publish"
    ]

    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [
      var.arn
    ]

    sid = "TrustCWetoPublishEventsToMyTopic"
  }
}

In sns_topic_policy:

main.tf     output.tf   variable.tf

resource "aws_sns_topic_policy" "this" {
  arn    = var.arn
  policy = var.policy
}

I started redoing all of these files in the order posted, then tested. When all was said and done, there were 4 Terraform builds that needed to be done. I know for sure because the non-modular version is my baseline.

So everything seemed to work fine until I got to aws_sns_topic_policy.

This is right before I hit sns_topic:

        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: 

I hit yes and it completed with the output shown below.

Now, once I add the sns module, it becomes a problem.

My output:

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

caller_identity_out = 012345678910
cloudwatch_event_rule_out = Detect-Local-User-Creations
iam_policy_document_out = {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Action": [
        "SNS:Subscribe",
        "SNS:Receive",
        "SNS:GetTopicAttributes",
        "SNS:AddPermission"
      ],
      "Resource": "arn:aws:sns:us-east-1:012345678910:tf-SnsTopic-EmailSNSTopic-9JJZS66CE1CW",
      "Principal": {
        "AWS": "*"
      },
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "012345678910"
        }
      }
    },
    {
      "Sid": "TrustCWetoPublishEventsToMyTopic",
      "Action": "sns:Publish",
      "Principal": {
        "Service": "events.amazonaws.com"
      }
    }
  ]
}

Based on what I am seeing, I don't know what it is referring to. The only way I get this error is by using jsonencode. But then this is where the next error happens:

iam_policy_document: Error: InvalidParameter: Invalid parameter: Policy Error: null status code: 400,

The output.tf file:

output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this.json
}

Someone mentioned that jsonencode is not needed; if I take it out, this is what happens.

I get the error when I change #policy = jsonencode("module.aws_iam_policy_document.iam_policy_document_out") to:

policy = "module.aws_iam_policy_document.iam_policy_document_out"

Error:

dLocalUsers]
module.iam_policy_document.data.aws_iam_policy_document.this: Refreshing state...

Error: "policy" contains an invalid JSON: invalid character 'm' looking for beginning of value

  on ../../../modules/cloudwatch/sns_topic_policy/main.tf line 3, in resource "aws_sns_topic_policy" "this":
   3:    policy = var.policy

The latest thing is when I implemented the "alternative" from the answer. I get this error but cannot see the problem. I don't understand what the error is. My output works fine and it is declared in sns_topic.. so I am missing something obvious, I don't know...

Error: Reference to undeclared module

  on main.tf line 43, in module "sns_topic_policy":
  43:   policy = module.aws_iam_policy_document.iam_policy_document_out.json

No module call named "aws_iam_policy_document" is declared in the root module.

Solution

Your iam_policy_document_out is already in JSON form:

value = data.aws_iam_policy_document.this.json

So in the module you should use the following:

module "sns_topic_policy" {
  source = "./sns_topic_policy/"
  arn    = module.SnsTopic.arn
  policy = module.aws_iam_policy_document.iam_policy_document_out
}

There are other issues that will not become apparent until the code is deployed.

Alternative:

output "iam_policy_document_out" {
  value = data.aws_iam_policy_document.this
}
module "sns_topic_policy" {
  source = "./sns_topic_policy/"
  arn    = module.SnsTopic.arn
  policy = module.aws_iam_policy_document.iam_policy_document_out.json
}
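As an added example (not code from the question or the answer), the following Python reproduces the three outcomes seen above: a quoted reference is not JSON at all, its jsonencode() is a JSON string rather than a policy object, and the `.json` attribute passed through unchanged is what the API accepts; it also flags any Allow statement that opens Principal AWS:"*" without a Condition, the guard the first statement above relies on. The topic ARN and statement content are constructed samples.

```python
import json

# Constructed sample of what data.aws_iam_policy_document.this.json renders,
# shaped like the page's second statement (example topic ARN, not a real one).
POLICY_JSON = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "TrustCWetoPublishEventsToMyTopic",
        "Effect": "Allow",
        "Action": "sns:Publish",
        "Principal": {"Service": "events.amazonaws.com"},
        "Resource": "arn:aws:sns:us-east-1:012345678910:EXAMPLE-TOPIC",
    }],
})

# The two faulty values from the question: the quoted reference is plain text that
# Terraform never resolves, and jsonencode() of it is a JSON string, not an object.
QUOTED_REFERENCE = "module.aws_iam_policy_document.iam_policy_document_out"
JSONENCODED_REFERENCE = json.dumps(QUOTED_REFERENCE)


def classify_policy_value(value: str) -> str:
    """Report what a 'policy' argument actually carries.
    not_json    -> provider rejects it locally ("contains an invalid JSON")
    json_string -> valid JSON, so it reaches the SNS API, which rejects a
                   string where it expects a policy object (HTTP 400)
    ok          -> a JSON object carrying Version and Statement"""
    try:
        parsed = json.loads(value)
    except json.JSONDecodeError:
        return "not_json"
    if isinstance(parsed, str):
        return "json_string"
    if isinstance(parsed, dict) and {"Version", "Statement"}.issubset(parsed):
        return "ok"
    return "not_a_policy"


def unconditioned_wildcard_sids(policy_json: str) -> list:
    """Sids of Allow statements open to Principal "*" / AWS:"*" with no Condition
    (the page's first statement keeps its AWS:SourceOwner guard; this flags
    statements that drop it)."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a lone statement may be unwrapped
        statements = [statements]
    flagged = []
    for s in statements:
        principal = s.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and principal.get("AWS") == "*")
        if s.get("Effect") == "Allow" and wildcard and "Condition" not in s:
            flagged.append(s.get("Sid", ""))
    return flagged
```

The "Reference to undeclared module" error at the end of the question is a separate label mismatch: the refresh output names the call `module.iam_policy_document`, while the reference says `module.aws_iam_policy_document`, and the reference must use the label given in the `module` block.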