Wanted to inject a list from a var into a policy template.
locals {
  buckets = ["arn:aws:s3:::bucket1", "arn:aws:s3:::bucket-2", "arn:aws:s3:::bucket-3"]
}
resource "aws_sns_topic_policy" "sns-policy" {
  policy = <<POLICY
{
  "Version":"2012-10-17",
  "Statement":[{
    "Effect": "Allow",
    "Principal": {"Service":"s3.amazonaws.com"},
    "Action": "sns:Publish",
    "Resource": "${aws_sns_topic.sns-topic.arn}",
    "Condition":{
      "ArnLike":{
        "aws:SourceArn": "${local.buckets})"
      }
    }
  }]
}
POLICY
}
What I wanted to achieve is something like …
"Condition":{
  "ArnLike":{
    "aws:SourceArn": [
      "arn:aws:s3:::bucket",
      "arn:aws:s3:::bucket-1",
      "arn:aws:s3:::bucket-2"
    ]
  }
As you can see here, I am trying to subscribe events from multiple S3 buckets to this SNS topic.
I am not sure how this can be done. Any help would be highly appreciated. I am getting:
Error: Invalid template interpolation value
Tried a few options but not having much luck.
It worked when I tried the following inside aws_iam_policy_document:
condition {
  test = "ArnLike"
  variable = "aws:SourceArn"
  values = values(the_buckets)[*].arn
}
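
The following is an added example, not part of the original post. It shows the aws_iam_policy_document approach end to end with the list from locals, plus the heredoc form using jsonencode, which works because string interpolation accepts only a string and jsonencode turns the list into one. The topic resource body, its name, and the output block are assumptions made so the configuration is complete.

```hcl
locals {
  # Bucket ARNs taken from the post.
  buckets = [
    "arn:aws:s3:::bucket1",
    "arn:aws:s3:::bucket-2",
    "arn:aws:s3:::bucket-3",
  ]
}

# Assumed: the post references aws_sns_topic.sns-topic but does not show it.
resource "aws_sns_topic" "sns-topic" {
  name = "s3-event-topic" # placeholder name
}

data "aws_iam_policy_document" "sns-policy" {
  statement {
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.sns-topic.arn]

    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }

    # values takes a list, so all bucket ARNs are rendered as one JSON array.
    # Only these buckets satisfy the condition; S3 events from any other
    # bucket are not allowed to publish to the topic.
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = local.buckets
    }
  }
}

resource "aws_sns_topic_policy" "sns-policy" {
  arn    = aws_sns_topic.sns-topic.arn
  policy = data.aws_iam_policy_document.sns-policy.json
}

# Heredoc alternative for the condition: interpolate jsonencode(list) with no
# surrounding quotes, since jsonencode already emits the JSON array.
output "source_arn_condition" {
  value = <<-JSON
    { "ArnLike": { "aws:SourceArn": ${jsonencode(local.buckets)} } }
  JSON
}
```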