I am calling a file that should be rendered like this:
resource "aws_organizations_policy" "backup_policy" {
  name        = "organization_backup_policy"
  description = "Organization wide backup policy"
  type        = "BACKUP_POLICY"
  content = jsonencode(templatefile("${path.module}/policies/backup-policy.json.tftpl", {
    vault_name                = aws_backup_vault.central_backup_vault.name
    backup_operator_role_name = aws_iam_role.backup_operator.name
    backup_tag_key            = "Backup"
    backup_tag_value          = "true"
  }))
}
The template itself:
{
  "plans": {
    "BackupPlan00": {
      "regions": {
        "@@assign": [
          "eu-central-1"
        ]
      },
      "rules": {
        "BackupRule00": {
          "target_backup_vault_name": {
            "@@assign": ${vault_name}"
          }
        }
      },
      "backup_plan_tags": {
        "backup-plan-tag": {
          "tag_key": {
            "@@assign": "backup-plan-tag"
          },
          "tag_value": {
            "@@assign": "backup-plan-key"
          }
        }
      },
      "selections": {
        "tags": {
          "ResourceAssignment00": {
            "iam_role_arn": {
              "@@assign": "arn:aws:iam::$account:role/${backup_operator_role_name}"
            },
            "tag_key": {
              "@@assign": "${backup_tag_key}"
            },
            "tag_value": {
              "@@assign": [
                "${backup_tag_value}"
              ]
            }
          }
        }
      }
    }
  }
}
Edit
Interestingly, when I have a plan JSON file, for example
backup.json
{
  "plans": {
    "BackupPlan00": {
      "regions": {
        "@@append": [
          "eu-central-1",
          "eu-west-3"
        ]
      },
      "rules": {
        "BackupRule00": {
          "target_backup_vault_name": {
            "@@assign": "CentralVault"
          }
        }
      },
      "backup_plan_tags": {
        "backup-plan-tag": {
          "tag_key": {
            "@@assign": "backup-plan-tag"
          },
          "tag_value": {
            "@@assign": "backup-plan-key"
          }
        }
      },
      "selections": {
        "tags": {
          "ResourceAssignment00": {
            "iam_role_arn": {
              "@@assign": "arn:aws:iam::$account:role/BackupOperator"
            },
            "tag_key": {
              "@@assign": "Backup"
            },
            "tag_value": {
              "@@assign": [
                "true"
              ]
            }
          }
        }
      }
    }
  }
}
with no variable interpolation or anything, it still fails:
resource "aws_organizations_policy" "backup_policy" {
  provider    = aws.primary_region
  name        = "organization_backup_policy"
  description = "Organization wide backup policy"
  type        = "BACKUP_POLICY"
  content     = jsonencode(templatefile("${path.module}/policies/backup.json", {}))
}
│ Error: updating Organizations Policy (p-89ql027feq): operation error Organizations: UpdatePolicy, https response error StatusCode: 400, RequestID: 2ed05a2d-b829-46fc-a18c-78105ae710a0, MalformedPolicyDocumentException: The provided policy document does not meet the requirements of the specified policy type.
What am I missing?
You are missing a double quote in your template file.
"target_backup_vault_name": {
  "@@assign": ${vault_name}"
}
It should be:
"target_backup_vault_name": {
  "@@assign": "${vault_name}"
}
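
A pre-flight check for the rendered policy text, as an added example that is not part of the original question or answer: it reports where the rendered template stops being valid JSON and whether the text that would be sent as `content` is a JSON object at all. `render` is a simplified stand-in for `templatefile()` (plain `${name}` substitution only), `jsonencode_string` uses `json.dumps` as a stand-in for `jsonencode()` applied to a string, and all names and sample strings are constructed for illustration.

```python
import json
import re

# Constructed sample: the rule fragment from the question's template, with the
# opening quote before ${vault_name} missing, and the corrected form.
BROKEN = '''{
  "plans": {"BackupPlan00": {"rules": {"BackupRule00": {
    "target_backup_vault_name": {"@@assign": ${vault_name}"}
  }}}}
}'''
FIXED = BROKEN.replace('${vault_name}"', '"${vault_name}"')

# Only ${name} is a template placeholder; a bare "$account" must pass through.
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")


def render(template, variables):
    """Simplified stand-in for templatefile(): plain ${name} substitution."""
    return PLACEHOLDER.sub(lambda m: str(variables[m.group(1)]), template)


def jsonencode_string(text):
    """Stand-in for jsonencode() applied to a string: yields one JSON string."""
    return json.dumps(text)


def check_policy(text):
    """Return a list of problems in the text that would be sent as `content`."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        # An encoded string parses, but it is a string, not a policy object.
        return [f"top level is {type(doc).__name__}, expected an object"]
    if "plans" not in doc:
        return ['missing top-level "plans" key']
    return []


if __name__ == "__main__":
    values = {"vault_name": "CentralVault"}  # constructed value
    print(check_policy(render(BROKEN, values)))
    print(check_policy(render(FIXED, values)))
    print(check_policy(jsonencode_string(render(FIXED, values))))
```

Running the same check in CI against the rendered template surfaces the line of a quoting mistake before `UpdatePolicy` returns the generic `MalformedPolicyDocumentException`.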