How to fix string required error message

resource "aws_iam_role" "Orchestration_role"{
    name = var.orchestration_role_name

    assume_role_policy = <<EOF
    "Statement": [
           "Effect": "Allow",
           "Action": "sts:AssumeRoleWithWebIdentity",
                   "": "${var.oidc_condition_statement}"

variable "oidc_condition_statement"{
    type = list(string)


oidc_condition_statement          = ["repo:organization/terraform-aws-githubaction:ref:refs/heads/staging","repo:organization/terraform-aws-githubaction:pull_request"]

I am getting the below error when i run terraform apply:

Invalid template interpolation value
var.oidc_condition_statement is list of string with 2 elements Cannot include the given value in a string template: string required.

Hi @darekorex,

var.oidc_condition_statement is a list of strings and so this is a correct error message: it’s not possible to concatenate a list into a string directly.

With that said, I don’t think you really need string concatenation there at all, because I believe the correct policy document syntax there is to include a JSON array.

Therefore I think the following would produce the required result:

  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [
        Effect = "Allow"
        Action = "sts:AssumeRoleWithWebIdentity"
        Principal = {
          Federated = "arn:aws:iam::${var.aws_oidc_account}:oidc-provider/"
        Condition = {
          "ForAnyValue:StringLike" = {
            "" = var.oidc_condition_statement

Terraform’s jsonencode function knows how to convert all Terraform values into equivalent JSON strings, including lists, and so the above should automatically convert var.oidc_condition_statement into a JSON array as part of encoding that entire value.

@apparentlymart ,Thank you for your reponse.It worked