Terraform：IAMロールの作成エラー。 MalformedPolicyDocument：フィールドリソースが禁止されています

Question

私のTFコードは私にエラーを与えています：

 /* * Policy: AmazonEC2ReadOnlyAccess */ assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*" } ] } EOF

https://console.aws.Amazon.com/iam/home?region=us-west-2#/policies/arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccessからポリシーをコピーして貼り付けました $ jsonEditor

* aws_iam_role.<role name>: Error creating IAM Role <role name>: MalformedPolicyDocument: Has prohibited field Resource status code: 400, request id: <request id>

リソースが禁止されている理由はわかりません。

Gangaraju · Answer

sts:AssumeRoleに言及する必要があります。既存のポリシーを複製する代わりに、aws_iam_role_policy_attachmentを使用してポリシーを直接添付できます。

resource "aws_iam_role" "ec2_iam_role" { name = "ec2_iam_role" assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": [ "ec2.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] } EOF } resource "aws_iam_role_policy_attachment" "ec2-read-only-policy-attachment" { role = "${aws_iam_role.ec2_iam_role.name}" policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess" }