Terraform 'aws_secretsmanager_secret‘传递arn错误:模板内插值无效

Question

我有一个Lambda，它将读取来自secret Manager的秘密，它们都由Terraform管理。因此，在Terraform中，我对这个秘密有一个定义：

resource "aws_secretsmanager_secret" "example" {
  name = "example"
}

对于Lambda，我附加了一个获取秘密的许可：

resource "aws_iam_role_policy" "example_role_policy" {
  name   = "example-role-policy"
  role   = aws_iam_role.example_lambda_role.id
  policy = <

locals{

secret_arn = "arn:aws:secretsmanager:::us-east-1:${local.account_number}:secret:${aws_secretsmanager_secret.example}-*"

}

Error: Invalid template interpolation value

  on ..\..\xxx\terraform\variables.tf line 39, in locals:
  39:   secret_arn = "arn:aws:secretsmanager:::us-east-1:${local.account_number}:secret:${aws_secretsmanager_secret.example}-*"
    |----------------
    | aws_secretsmanager_secret.example is object with 12 attributes

Cannot include the given value in a string template: string required.

Answer 1

你的

应该使用

，not

..。

但是

最简单的方法

要在您的策略中获取arn，只需执行以下操作：

resource "aws_iam_role_policy" "example_role_policy" {
  name   = "example-role-policy"
  role   = aws_iam_role.example_lambda_role.id
  policy = <

Answer 2

我可能错了，但我认为你想得太多了。试试这个：

secret_arn = aws_secretsmanager_secret.example.arn

请记住，当您使用以下各项设置AWS提供商时，您正在设置帐户ID和区域：

provider "aws" {
  alias   = "ireland" # Your is in america but you get what I mean :)
  version = "2.70.0"
  region  = "eu-west-1"
...