terraform lambda 资源策略问题

问题描述 投票:0回答:1

我正在尝试将资源 AWS IAM 策略添加到 Terraform 中的 lambda 函数,IAM 策略没有任何条件,但有资源,但是 Terraform 正在条件中添加相同的资源。

  resource "aws_lambda_permission" "lambda_function" {
  statement_id = "AllowSecretsManagerInvoke"
  action = "lambda:InvokeFunction"
  function_name = aws_lambda_function.myfunction.function_name
  principal = "secretsmanager.amazonaws.com"
  source_arn = aws_lambda_function.myfunction.arn
}

理想的资源策略应创建如下

{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "SecretsManagerInvoke",
      "Effect": "Allow",
      "Principal": {
        "Service": "secretsmanager.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:{region}:{account}:function:myfunction"
    }
  ]
}

但是 terraform 正在制定如下政策:

{
  "Version": "2012-10-17",
  "Id": "default",
  "Statement": [
    {
      "Sid": "AllowSecretsManagerInvoke",
      "Effect": "Allow",
      "Principal": {
        "Service": "secretsmanager.amazonaws.com"
      },
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:arn:aws:lambda:{region}:{account}:function:myfunction",
      "Condition": {
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:lambda:arn:aws:lambda:{region}:{account}:function:myfunction"
        }
      }
    }
  ]
}
amazon-web-services aws-lambda terraform amazon-iam
1个回答
0
投票

删除 

source_arn
解决了该问题。当您指定 
aws_lambda_permission
参数时,Terraform 中的 
source_arn
资源会自动添加条件。

 resource "aws_lambda_permission" "lambda_function" {
  statement_id = "AllowSecretsManagerInvoke"
  action = "lambda:InvokeFunction"
  function_name = aws_lambda_function.myfunction.function_name
  principal = "secretsmanager.amazonaws.com"
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.