Terraform Aws Bucket Policy

Currently I have an AWS S3 bucket that has been deployed as well as a policy. The policy contains principals from other Terraform code outside of what I'm working on. I have put the principals in my dev.json file, e.g.:
    "UserBucketActions": [
      "arn:aws:iam:::role/dev-s3-read-role",
      "arn:aws:iam:::role/lambda-s3",
      "arn:aws:iam:::user/search/logs.dev.svc.s3",
      "arn:aws:iam:::user/user/search/logs.dev.svc.s3read"
    ]
Now I'm trying to get Terraform to take that and add the roles/users to the policy section, but I'm having a hard time. I keep getting different errors; the most common is that the var contains a list but the policy requires a string. I have attempted to break out the policy into its own JSON file from my main.tf, like the below.
    resource "aws_s3_bucket_policy" "custom_customer_bucket_policy" {
      bucket = aws_s3_bucket.custom_customer_bucket.id
      policy = templatefile("./policy/S3_Policy.json",
        {
          UserBucketActions          = jsonencode(var.UserBucketActions),
          UserBucketObjectsActions   = jsonencode(var.UserBucketObjectsActions),
          ReadBucketObjectsActions   = jsonencode(var.ReadBucketObjectsActions),
          custom_customer_bucket_arn = aws_s3_bucket.custom_customer_bucket.arn
        }
      )
    }

But I keep receiving the below error and am not sure how to get around this, as I also have a prod.json file and would hate to have to hardcode the policy's ARNs. I have also validated all of my JSON, so I'm unsure where my issue resides.

Error: "policy" contains an invalid JSON: invalid character 'a' after object key:value pair

on main.tf line 22, in resource "aws_s3_bucket_policy" "custom_customer_bucket_policy":
22: resource "aws_s3_bucket_policy" "custom_customer_bucket_policy" {

Terraform version
Terraform v0.12.26

  • provider.aws v2.70.0
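
An added example, not part of the original post: building the policy with a single jsonencode() call so the principal lists from dev.json or prod.json never have to be spliced into JSON text. The post does not show ./policy/S3_Policy.json, so the quoted-placeholder cause noted in the closing comment is an assumption, and the Sid values and S3 actions are constructed for illustration.

```hcl
# Added example. aws_s3_bucket.custom_customer_bucket is the bucket resource
# from the post; Sid values and S3 actions below are constructed.
variable "UserBucketActions" {
  type = list(string) # principal ARNs, e.g. from dev.json / prod.json
}

variable "ReadBucketObjectsActions" {
  type = list(string)
}

resource "aws_s3_bucket_policy" "custom_customer_bucket_policy" {
  bucket = aws_s3_bucket.custom_customer_bucket.id

  # Encode the whole document once. Lists stay lists until the final
  # jsonencode(), so no pre-encoded string is spliced into JSON text.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "UserBucketActions"
        Effect    = "Allow"
        Principal = { AWS = var.UserBucketActions }
        Action    = ["s3:ListBucket"]
        Resource  = aws_s3_bucket.custom_customer_bucket.arn
      },
      {
        Sid       = "ReadBucketObjectsActions"
        Effect    = "Allow"
        Principal = { AWS = var.ReadBucketObjectsActions }
        Action    = ["s3:GetObject"]
        Resource  = "${aws_s3_bucket.custom_customer_bucket.arn}/*"
      }
    ]
  })
}

# If the template file is kept instead, the placeholder must not sit inside
# quotes, because jsonencode() already emits the brackets and quotes:
#   "Principal": { "AWS": ${UserBucketActions} }      valid JSON
#   "Principal": { "AWS": "${UserBucketActions}" }    invalid: "["arn:..."]"
```

Running terraform plan shows the rendered policy, so the principal list for each environment can be reviewed before it is applied.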