我尝试在 IAM 角色中使用
AWSBackupServiceRolePolicyForBackup
策略:
data "aws_iam_policy" "aws_backup_service_policy" {
arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
}
resource "aws_iam_role_policy" "backup_service_aws_backup_role_policy" {
policy = data.aws_iam_policy.aws_backup_service_policy.policy
role = aws_iam_role.backup_service_role.name
}
结果是:
错误:放置 IAM 角色策略 terraform-20240401140929162200000001:LimitExceeded:角色 Foundry-terraform-backup-service-role-dev 超出最大策略大小 10240 字节
This makes sense, as the json for the role is actually over the maximum policy size. However, I've tried minifying the JSON with:
```hcl
resource "aws_iam_role_policy" "backup_service_aws_backup_role_policy" {
policy = jsonencode(jsondecode(data.aws_iam_policy.aws_backup_service_policy.policy))
role = aws_iam_role.backup_service_role.name
}
如此处所述:
“从 Terraform 0.12 开始,您可以使用 jsondecode 和 jsonencode 的往返来生成缩小的 JSON,因为 jsonencode 始终生成最小的 JSON”
如果我创建一个输出,我可以验证
value
确实已被缩小:
output "policy_json" {
value = jsonencode(jsondecode(data.aws_iam_policy.aws_backup_service_policy.policy))
description = "the policy json"
但是当我尝试
apply
配置时,我最终遇到了同样的错误。为什么政策在申请时没有被缩小?
在这种情况下,我会尝试做的只是提供 AWS 托管策略的 ARN 并使用
aws_iam_role_policy_attachment
资源附加它:
resource "aws_iam_role_policy_attachment" "backup_service_aws_backup_role_policy" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
role = aws_iam_role.backup_service_role.name
}