
Creating an additional AWS policy within a lambda child module gives invalid index


Forgive me if this question is a little basic, I'm quite new to both AWS and Terraform.

I'm trying to create a lambda function via a terraform module. The source of the module is pointing at this repo https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master.

I am trying to follow the complete example provided starting at 130 of terraform-aws-lambda/examples/complete/main.tf but in my case I need to set 2 policies rather than 1.

I have:

   number_of_policy_jsons = 2

   policy_jsons = [
    <<-EOT
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "xray:*"
                  ],
                  "Resource": ["*"]
              }
          ]
      },
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "s3:*"
                  ],
                  "Resource": ["*"]
              }
          ]
      }
    EOT
  ]

I'm guessing I've formatted the JSON incorrectly, but I cannot figure out how it is supposed to be done. No matter what I try, I get this error.

     Error: Invalid index
    │ 
    │  126:   policy = var.policy_jsons[count.index] 
    │     ├────────────────
    │     │ count.index is 1
    │     │ var.policy_jsons is list of string with 1 element
    │ 
    │ The given key does not identify an element in this collection value: the given index is greater than or
    │ equal to the length of the collection.

If someone could explain how this is supposed to be used that would be so helpful.


Solution

  • Hey, you should format your list like this:

    policy_jsons = [<<EOF
    {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "xray:*"
                  ],
                  "Resource": ["*"]
              }
          ]
      }
    EOF
    , # the closing EOF marker must be alone on its line, so the comma goes here
    <<EOF
    {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "s3:*"
                  ],
                  "Resource": ["*"]
              }
          ]
      }
    EOF
    
    ]
    

    It's not very pretty to look at; another solution is to use the data source aws_iam_policy_document:

    data "aws_iam_policy_document" "xray" {
        statement {
            actions = ["xray:*"]
            resources = ["*"]
        }
    }
    data "aws_iam_policy_document" "s3" {
        statement {
            actions = ["s3:*"]
            resources = ["*"]
        }
    }
    

    and then

    policy_jsons = [
        data.aws_iam_policy_document.xray.json,
        data.aws_iam_policy_document.s3.json
    ]
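
An added example, not part of the answer above or of the module's own code: the data-source approach wired into the module, with the count derived from the list so the two cannot drift apart, and with the wildcard actions narrowed. The bucket name, function settings and the choice of actions are assumptions about what the function needs.

```hcl
# Added example. Assumptions (not from the original post): the function only
# emits X-Ray traces and reads objects from one bucket; all names are placeholders.
data "aws_iam_policy_document" "xray" {
  statement {
    effect    = "Allow"
    actions   = ["xray:PutTraceSegments", "xray:PutTelemetryRecords"]
    resources = ["*"] # X-Ray write actions are granted on "*"
  }
}

data "aws_iam_policy_document" "s3" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-bucket/*"] # placeholder bucket
  }
}

locals {
  # One list element per policy document. The length of this literal list is
  # known at plan time, so it can drive the count inside the module.
  lambda_policy_jsons = [
    data.aws_iam_policy_document.xray.json,
    data.aws_iam_policy_document.s3.json,
  ]
}

module "lambda_function" {
  source = "terraform-aws-modules/lambda/aws"

  function_name = "example-function"     # placeholder
  handler       = "index.lambda_handler" # placeholder
  runtime       = "python3.12"           # placeholder
  source_path   = "${path.module}/src"   # placeholder

  attach_policy_jsons    = true
  policy_jsons           = local.lambda_policy_jsons
  number_of_policy_jsons = length(local.lambda_policy_jsons)
}
```

Deriving `number_of_policy_jsons` from the list avoids the "Invalid index" error in the question, which occurs when the count is larger than the number of list elements.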