Hi,
How do I use this earlier solution if I have multiple resources?
    data "aws_iam_policy_document" "assume" {
      statement {
        sid    = "AssumeIntoChildren"
        effect = "Allow"
        actions = [
          "sts:AssumeRole"
        ]
        resources = [
          for id in data.aws_organizations_organization.all_accounts.accounts[*].id :
          "arn:aws:iam::${id}:role/assume-into-me",
          "arn:aws:iam::${id}:role/assume-into-me1",
          "arn:aws:iam::${id}:role/assume-into-me2"
        ]
      }
    }
Hi @palaparthis833,
If you are asking how you can include multiple different lists of ARNs into resources at once, I think the flatten function will help:
    # flatten takes a single argument, so the lists to merge are wrapped in one outer list
    resources = flatten([
      [
        for id in data.aws_organizations_organization.all_accounts.accounts[*].id : [
          "arn:aws:iam::${id}:role/assume-into-me",
          "arn:aws:iam::${id}:role/assume-into-me1",
          "arn:aws:iam::${id}:role/assume-into-me2",
        ]
      ],
      [
        "arn:aws:iam::foo::role/other-hardcoded-one",
      ],
    ])
The purpose flatten is serving here is to flatten all of the nested lists, including deeply-nested ones as for expressions can often create, so that the result is just a flat list of strings. In the above case, perhaps something like this:
    [
      "arn:aws:iam::first-id:role/assume-into-me",
      "arn:aws:iam::first-id:role/assume-into-me1",
      "arn:aws:iam::first-id:role/assume-into-me2",
      "arn:aws:iam::second-id:role/assume-into-me",
      "arn:aws:iam::second-id:role/assume-into-me1",
      "arn:aws:iam::second-id:role/assume-into-me2",
      "arn:aws:iam::foo::role/other-hardcoded-one",
    ]
Each of the elements of data.aws_organizations_organization.all_accounts.accounts here would’ve produced its own separate nested list before flatten, but using that function brings all of the nested strings up to the top-level so that the data structure is the shape that the resources argument expects.
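
Added example, not part of either post above: a complete configuration that generalizes the thread's approach by crossing account IDs with a list of role names, so the `sts:AssumeRole` statement names exact role ARNs and adding a role means editing one list. The locals (`role_names`, `extra_role_arns`, `active_account_ids`, `assumable_role_arns`), the `ACTIVE` status filter and the 12-digit placeholder account ID are assumptions made for illustration.

```hcl
# Added example: the data source label "all_accounts", the sid and the role
# names come from the thread; every local below is a hypothetical name.
data "aws_organizations_organization" "all_accounts" {}

locals {
  # Roles the caller may assume in each member account.
  role_names = ["assume-into-me", "assume-into-me1", "assume-into-me2"]

  # Extra ARNs outside the per-account pattern (constructed placeholder account ID).
  extra_role_arns = ["arn:aws:iam::111111111111:role/other-hardcoded-one"]

  # Assumption: skip suspended accounts so the policy does not keep granting
  # access into accounts that are being closed.
  active_account_ids = [
    for account in data.aws_organizations_organization.all_accounts.accounts :
    account.id if account.status == "ACTIVE"
  ]

  # Two nested for expressions yield a list of lists per account; wrapping
  # them with the extra list and flattening gives one flat list of strings.
  assumable_role_arns = flatten([
    [
      for id in local.active_account_ids : [
        for name in local.role_names : "arn:aws:iam::${id}:role/${name}"
      ]
    ],
    local.extra_role_arns,
  ])
}

data "aws_iam_policy_document" "assume" {
  statement {
    sid       = "AssumeIntoChildren"
    effect    = "Allow"
    actions   = ["sts:AssumeRole"]
    resources = local.assumable_role_arns
  }
}

# Surfaces the exact ARNs in the plan so the grant can be reviewed before apply.
output "assumable_role_arns" {
  value = local.assumable_role_arns
}
```

Reviewing the `assumable_role_arns` output in `terraform plan` shows exactly which roles the policy will allow before it is applied.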