dcloud

Reputation: 65

how to use IAM policy variables in terraform code

{
  "Sid": "Allow bucket write",
  "Effect": "Allow",
  "Principal": {
    "Service": [
      "cloudtrail.amazonaws.com"
    ]
  },
  "Action": "s3:PutObject",
  "Resource": "${aws_s3_bucket.log-dev-test-bucket-test.arn}/AWSLogs/${var.organization_id}/${aws:PrincipalAccount}/*",
  "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
},

I am getting this message on my Resource section with regard to ${aws:PrincipalAccount}:

"Extra characters after interpolation expression: Template interpolation doesn't expect a colon at this location. Did you intend this to be a literal sequence to be processed as part of another language? If so, you can escape it by starting with "$${" instead of just "${".HCL"

The error message is suggesting to use $${aws:PrincipalAccount} to escape it. I don't know what that will do to it, because I need to have this IAM policy variable in the policy statement Resource section to achieve my goal. Can anyone explain what the escape will do if I use $$ instead of $ before {aws:PrincipalAccount}? Thank you.

Upvotes: 1

Views: 907

Answers (1)

Marcin

Reputation: 238081

There is no such IAM variable as aws:PrincipalAccount. The available IAM variables are listed in "Request information that you can use for policy variables".

Upvotes: 1
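As an added example (not code from the question or the answer), the following Terraform configuration shows what the "$${" escape actually does. Terraform evaluates "${aws_s3_bucket...arn}" and "${var.organization_id}" at plan time, while "$${aws:PrincipalAccount}" is written into the rendered JSON as the literal text "${aws:PrincipalAccount}", so IAM rather than Terraform substitutes it at request time. The same escape applies to any "${...}" sequence meant for IAM, for example "${aws:username}". The bucket name, the variable and the use of the aws_iam_policy_document data source are assumptions made for the example; whether aws:PrincipalAccount is accepted as a policy variable is the separate point the answer raises.

```hcl
# Added example, not from the original question or answer.
# Assumed names: var.organization_id, the bucket resource and its name.

variable "organization_id" {
  type        = string
  description = "AWS Organizations id used as the CloudTrail log prefix (assumed)"
}

resource "aws_s3_bucket" "log-dev-test-bucket-test" {
  bucket = "log-dev-test-bucket-test" # assumed bucket name
}

data "aws_iam_policy_document" "cloudtrail_write" {
  statement {
    sid    = "AllowBucketWrite"
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }

    actions = ["s3:PutObject"]

    # "${...}" with a Terraform reference is evaluated by Terraform.
    # "$${aws:PrincipalAccount}" is emitted verbatim as "${aws:PrincipalAccount}"
    # so the rendered policy keeps the IAM placeholder for IAM to resolve.
    resources = [
      "${aws_s3_bucket.log-dev-test-bucket-test.arn}/AWSLogs/${var.organization_id}/$${aws:PrincipalAccount}/*",
    ]

    # Keeps the bucket owner in control of objects CloudTrail writes.
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "cloudtrail_write" {
  bucket = aws_s3_bucket.log-dev-test-bucket-test.id
  policy = data.aws_iam_policy_document.cloudtrail_write.json
}
```

Running terraform plan on this and inspecting data.aws_iam_policy_document.cloudtrail_write.json shows the Resource element ending in /AWSLogs/<organization_id>/${aws:PrincipalAccount}/*, with the dollar-brace sequence intact and no HCL error. The escape is purely a Terraform parsing concern: it changes nothing about how IAM later treats the placeholder, so a key IAM does not recognise in that position will still fail at policy validation or not match at evaluation time. Using the aws_iam_policy_document data source instead of a hand-written JSON string is the usual way to get this checked at plan time rather than when the bucket policy is applied.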
