Error While Adding SSM Permissions to Share Documents with Multiple AWS Accounts

kamal-pinnapu · July 28, 2023, 5:21am

I am currently working on sharing AWS Systems Manager (SSM) documents with multiple AWS accounts using Terraform. While attempting to add permissions for multiple AWS accounts, I encountered an error that I am seeking assistance with.

The specific error message I encountered is as follows:

on clone-efs-folder.tf line 18, in resource “aws_ssm_document” “clone_efstos3”:
18: permissions = {
19: type = “Share”
20: account_ids = [“13323xxxxx”,“2323xxxxx”]
21: }

Inappropriate value for attribute “permissions”: element “account_ids”:
string required.


I understand that the error is related to the "account_ids" attribute within the "permissions" block. It seems that providing multiple AWS account IDs as an array is not being recognized correctly. If I just give one AWS account id it works fine.

Could you kindly assist me in resolving this issue and guide me on the appropriate way to add permissions for multiple AWS accounts using the "aws_ssm_document" resource in Terraform?

Here's the snippet of my code
resource "aws_ssm_document" "clone_efstos3" {
  name            = "${var.orgid}-clone-efstos3"
  document_type   = "Automation"
  document_format = "JSON"
  permissions = {
    type        = "Share"
    account_ids = ["324232xxxx","22323xxxxx"]
  }
  content = templatefile("${path.module}/templates/clone_efstos3.json", {
  })
}

MichaelReubenDevSlal · March 4, 2024, 2:33pm

I have the same issue, notably it does not work with a comma separated string either. There is also a very similar issue with the aws_ssm_association resource (terrible name basically ssm_run_document) you are unable to specify a parameter that is a list as terraform will only accept a string.

lizaclarraa · May 16, 2024, 5:42am

I too have got the same issue could someone help me out with this?

acwwat · May 17, 2024, 6:08am

Looking at the code, you should be able to provide a string containing the list of account IDs (up to 20) separated by commas without spaces in between. For example:

account_ids = "111111111111,222222222222,333333333333"

Not sure why it didn’t work for the previous commenter, but you can give it a try with a recent version of the provider and see if it works.

Topic		Replies	Views
Enabling S3 permissions in a terraform aws_iam_policy_document Terraform	0	2263	November 30, 2021
Terraform AWS sso_admin Dependency Issue AWS	3	2170	February 23, 2022
Terraform AWS tries to create duplicate resources from shared module AWS	1	780	January 13, 2023
Data source and adding multiple dynamic resources values Terraform	4	734	January 18, 2023
Create multiple Azure Storage Account with Multiple FileShare under each Storage Account Azure	4	603	February 3, 2024

Error While Adding SSM Permissions to Share Documents with Multiple AWS Accounts

Related topics