0

我正在尝试添加aws_config_config_rule具有一组的资源input_parameters,但我不断得到

Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: InvalidParameterValueException: Unknown parameters provided in the inputParameters: {"targetBucket":"mybucket"}.

# Enables access logging for the CloudTrail S3 bucket
resource aws_config_config_rule cloudtrail-s3-bucket-logging-enabled {
    name = "cloudtrail-s3-bucket-logging-enabled"
    description = "Checks whether logging is enabled for your S3 buckets."

    source {
        owner   = "AWS"
        source_identifier = "S3_BUCKET_LOGGING_ENABLED"
    }

    scope {
        compliance_resource_id = aws_s3_bucket.mybucket.arn
        compliance_resource_types = ["AWS::S3::Bucket"]
    }

    input_parameters = jsonencode({"targetBucket":"${aws_s3_bucket.mybucket.id}"})
}

我想我可以使用 jsonencode 函数https://www.terraform.io/docs/configuration/functions/jsonencode.html。我遇到了一个 github 问题:https ://github.com/hashicorp/terraform/issues/14074 ,但它与我遇到的不同。任何帮助将不胜感激。

4

1 回答 1

1

我为此规则使用了错误的输入参数。这有效

# Ensures that the S3 bucket used by CloudTrail is not publicly accessible
resource aws_config_config_rule cloudtrail-s3-bucket-not-publicy-accessible {
    name = "cloudtrail-s3-bucket-not-publicy-accessible"
    description = "Checks whether the required public access block settings are configured from account level. The rule is only NON_COMPLIANT when the fields set below do not match the corresponding fields in the configuration item."

    source {
        owner   = "AWS"
        source_identifier = "S3_ACCOUNT_LEVEL_PUBLIC_ACCESS_BLOCKS"
    }

    scope {
        compliance_resource_id = aws_s3_bucket.mybucket.id
        compliance_resource_types = ["AWS::S3::Bucket"]
    }
    input_parameters =  "{\"IgnorePublicAcls\":\"True\",\"BlockPublicPolicy\":\"True\",\"BlockPublicAcls\":\"True\",\"RestrictPublicBuckets\":\"True\"}"
}
于 2020-11-23T19:59:49.473 回答