Hello Mart and Team,
Please help me to resolve below terraform error
│ Error: “policy” contains an invalid JSON: invalid character ‘a’ after object key:value pair
│
│ with aws_secretsmanager_secret_policy.configserver_secret_policy,
│ on secrets.tf line 49, in resource “aws_secretsmanager_secret_policy” “configserver_secret_policy”:
│ 49: policy = data.template_file.configserver_secrets_key_policy.rendered
│
for below code
resource “aws_secretsmanager_secret_policy” “configserver_secret_policy” {
secret_arn = aws_secretsmanager_secret.configserver_secrets.arn
policy = data.template_file.configserver_secrets_key_policy.rendered
}
data “template_file” “configserver_secrets_key_policy” {
template = file(“${path.cwd}/templates/config-server-secrets-policy.json”)
vars = {
role_arns = jsonencode(local.role_arns[lower(var.app_env)])
}
}
locals {
role_arns = {
uat = [
“arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-pera-spring-jboss-role", ## pera_spring_jbs_role_arn
"arn:aws:iam::{local.finstack_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-finstack-cards-role”, ## finstack_cards_role_arn
“arn:aws:iam::{local.externalapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-externalapps-enterprise-jboss-role", ## enterprise_jbs_role_arn
"arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-notary-spring-jboss-role”, ## propertypay_jbs_role_arn
“arn:aws:iam::{local.externalapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-externalapps-ratefeed-jboss-role", ## ratefeed_jbs_role_arn
"arn:aws:iam::{local.externalapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-externalapps-enterprise-microservice-role”, ## erp_microservice_role_arn
“arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-transapi-role", ## transapi_role_arn
"arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-prpay-spring-jboss-demo-role”, ## prpay_demo_role_arn
“arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-multipot-role" ## multipot_role_arn
]
prod = [
"arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-pera-spring-jboss-role”, ## pera_spring_jbs_role_arn
“arn:aws:iam::{local.finstack_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-finstack-cards-role", ## finstack_cards_role_arn
"arn:aws:iam::{local.externalapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-externalapps-enterprise-jboss-role”, ## enterprise_jbs_role_arn
“arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-notary-spring-jboss-role", ## propertypay_jbs_role_arn
"arn:aws:iam::{local.externalapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-externalapps-ratefeed-jboss-role”, ## ratefeed_jbs_role_arn
“arn:aws:iam::{local.externalapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-externalapps-enterprise-microservice-role", ## erp_microservice_role_arn
"arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-{lower(var.app_env)}-coreapps-transapi-role”, ## transapi_role_arn
“arn:aws:iam::{local.coreapps_account[var.aws_account_type]}:role/{var.app_group}-${lower(var.app_env)}-coreapps-multipot-role” ## multipot_role_arn
]
}
}
policy file is
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“AWS”: “${role_arns}”
},
“Action”: “secretsmanager:GetSecretValue”,
“Resource”: “*”
}
]
}