如何解决策略文档中的以下代码中收到的错误消息

Question

当我运行terraform时，我得到了下面的错误:无效的模板插值值，var.oidc_condition_statement是包含两个元素的字符串列表，不能将给定的值包含在字符串模板中: string必需。

resource "aws_iam_role" "Orchestration_role"{
    name = var.orchestration_role_name

    assume_role_policy = <<EOF
{
    "Version":"2012-10-17",
    "Statement": [
        {
           "Effect": "Allow",
           "Action": "sts:AssumeRoleWithWebIdentity",
           "Principal":{
               "Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
           },
           "Condition":{
               "ForAnyValue:StringLike":{
                   "token.actions.githubusercontent.com:sub": "${var.oidc_condition_statement}"
               }
           }
        }
    ]
}
EOF
}

variable.tf

variable "oidc_condition_statement"{
    type = list(string)
}

tfvars

oidc_condition_statement          = ["repo:organization/terraform-aws-githubaction:ref:refs/heads/staging","repo:organization/terraform-aws-githubaction:pull_request"]

Answer 1

请使用jsonencode

resource "aws_iam_role" "Orchestration_role"{
    name = var.orchestration_role_name

    assume_role_policy = <<EOF
{
    "Version":"2012-10-17",
    "Statement": [
        {
           "Effect": "Allow",
           "Action": "sts:AssumeRoleWithWebIdentity",
           "Principal":{
               "Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
           },
           "Condition":{
               "ForAnyValue:StringLike":{
                   "token.actions.githubusercontent.com:sub": ${jsonencode(var.oidc_condition_statement)}
               }
           }
        }
    ]
}
EOF
}