Task execution IAM role in Terraform

Problem description

I am creating an IAM role for task execution. I have already done this in CloudFormation and am now doing it in Terraform, but the problem I am running into is that CloudFormation has a property where you can give ManagedPolicyArns, and I do not know how you would give that in Terraform. I have attached both scripts. The Terraform script is incomplete; the CloudFormation script is complete, and I need help copying it over to Terraform.

Terraform:

resource "aws_iam_role" "task_execution" {
  name               = "task-execution-${terraform.workspace}"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": "",
      "path": "/"
    }
  ]
}
EOF

  tags = {
    tag-key = "tag-value"
  }
}

CloudFormation:

---
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  Env:
    Type: String
Resources:
  ExRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ecs-tasks.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Path: /
      RoleName: !Sub "excutionrole-${Env}"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Policies:
        - PolicyName: AccessECR
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - ecr:BatchGetImage
                  - ecr:GetAuthorizationToken
                  - ecr:GetDownloadUrlForLayer
                Resource: '*'

Solution

In Terraform, you can attach a managed policy to a role with the aws_iam_role_policy_attachment resource:

resource "aws_iam_role_policy_attachment" "test-attach" {
  role       = aws_iam_role.test_role.name
  # ARN of the managed policy (the one from the CloudFormation template)
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

assume_role_policy is used only for the trust relationship (i.e. who/what can assume this role). Thus, your aws_iam_role should be as follows; the required permissions are then attached to the role with the attachment resource shown above:

resource "aws_iam_role" "test_role" {
  name = "s3_access"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "1",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

  tags = {
    tag-key = "tag-value"
  }
}
