How to use variables in a policy to replace the AccountId

darekorex · July 17, 2021, 1:38pm

Hi Folks,
please how can replace AwsAccountId in a Policy to use variable?.I am trying to define the AccountId as variable but I am getting this error message : Invalid reference A reference to a resource type must be followed by at least one attribute access, specifying the resource name. I already defined my Terraform.tfvars as : AwsAccountId = “1234567890” Please help me out guys.Thanks in advance

"Sid": "Enable IAM Policies",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::${AwsAccountId}:root"
        },
        "Action": "kms:*",
        "Resource": "*"
    },
    {
        "Sid": "Allow CloudTrail to encrypt logs",
        "Effect": "Allow",
        "Principal": {
            "Service": "cloudtrail.amazonaws.com"
        },
        "Action": "kms:GenerateDataKey*",
        "Resource": "*",
        "Condition": {
            "StringLike": {
                "kms:EncryptionContext:aws:cloudtrail:arn": "arn:aws:cloudtrail:*:${AwsAccountId}:trail/*"
            }

Topic		Replies	Views
Passing variable in a policy Terraform	9	2899	August 16, 2021
Error: Invalid provider configuration reference Terraform	3	2900	June 29, 2022
Variables not allowed Terraform	2	4703	April 18, 2023
Variables best practice Terraform	3	943	May 21, 2020
Using variables calling arn to amazon inside a list Terraform	2	849	August 31, 2021

How to use variables in a policy to replace the AccountId

Related topics