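I am creating some AWS Config rules using Terraform version 0.14.5. I am defining the resource using the for_each method as shown below. I get an error message saying that my JSON is invalid. I have used tools such as JSONlint to validate my JSON, but I am still facing this issue. Below is how I define the resource, the variable, the potential output, and the error I am facing. Any insight would be helpful.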

Resource

resource "aws_config_config_rule" "managed_rules" {
  for_each         = var.managed_rules
  name             = each.value.name
  description      = each.value.description
  input_parameters = jsonencode(each.value.input_parameters)

  source {
    owner             = each.value.owner
    source_identifier = each.value.source_identifier
  }

  depends_on = [aws_config_configuration_recorder.config_recorder]
}

Variable

variable "managed_rules" {
  type = map(object({
    name              = string
    description       = string
    owner             = string
    source_identifier = string
    input_parameters  = string
  }))
  default = {
    "1" = {
      name              = "account-part-of-organizations"
      description       = "Rule checks whether AWS account is part of AWS Organizations. The rule is NON_COMPLIANT if the AWS account is not part of AWS Organizations or AWS Organizations master account ID does not match rule parameter MasterAccountId."
      owner             = "AWS"
      source_identifier = "ACCOUNT_PART_OF_ORGANIZATIONS"
      input_parameters  = <<EOL
      {
        "MaximumExecutionFrequency": "TwentyFour_Hours"
      }
EOL
    }
  }
}

Potential output

Terraform will perform the following actions:

# aws_config_config_rule.managed_rules["1"] will be updated in-place
  ~ resource "aws_config_config_rule" "managed_rules" {
        id               = "account-part-of-organizations"
      + input_parameters = "\"      {\\n        \\\"MaximumExecutionFrequency\\\": \\\"TwentyFour_Hours\\\"\\n      }\\n\""
        name             = "account-part-of-organizations"
        tags             = {}
        # (4 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Error

Error: Error creating AWSConfig rule: Failed to create AWSConfig rule: 
InvalidParameterValueException: Invalid json "      {\n        \"MaximumExecutionFrequency\": \"TwentyFour_Hours\"\n      }\n" passed in the inputParameters field.

1 Answer


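In your managed_rules variable, the input_parameters attribute is a string. When you call jsonencode on the input_parameters attribute of the aws_config_config_rule resource, you are encoding a value that is already a string.

I was able to resolve the issue by changing your managed_rules variable to the following: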

variable "managed_rules" {
  type = map(object({
    name              = string
    description       = string
    owner             = string
    source_identifier = string
    input_parameters  = map(any)
  }))
  default = {
    "1" = {
      name              = "account-part-of-organizations"
      description       = "Rule checks whether AWS account is part of AWS Organizations. The rule is NON_COMPLIANT if the AWS account is not part of AWS Organizations or AWS Organizations master account ID does not match rule parameter MasterAccountId."
      owner             = "AWS"
      source_identifier = "ACCOUNT_PART_OF_ORGANIZATIONS"
      input_parameters = {
        "MaximumExecutionFrequency" : "TwentyFour_Hours"
      }
    }
  }
}

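Note that I changed the type of input_parameters from string to map(any).

Now, when you call jsonencode on the input_parameters attribute of the aws_config_config_rule resource, it encodes the map of strings into a JSON-encoded string.

Answered 2021-07-15T18:16:08.790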
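A pre-apply check for the double encoding described in the answer, added here as an example and not part of the original question or answer. It reads the `resource_changes` section of a plan exported with `terraform show -json` and flags any `aws_config_config_rule` whose `input_parameters` decodes to a JSON string instead of an object. The function names and the sample plan (including rule "2") are constructed for illustration, and Python's `json.dumps` stands in for Terraform's `jsonencode`.

```python
import json

# Constructed sample: the heredoc string from the question's variable default.
HEREDOC = '      {\n        "MaximumExecutionFrequency": "TwentyFour_Hours"\n      }\n'

def classify(value):
    """Classify an input_parameters string by what it decodes to."""
    try:
        decoded = json.loads(value)
    except (TypeError, ValueError):
        return "invalid"
    if isinstance(decoded, dict):
        return "object"
    if isinstance(decoded, str):
        # A JSON string literal: see whether it wraps a JSON object.
        try:
            inner = json.loads(decoded)
        except ValueError:
            return "not-an-object"
        if isinstance(inner, dict):
            return "double-encoded"
    return "not-an-object"

def check_plan(plan):
    """Return {address: verdict} for each Config rule with bad input_parameters."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_config_config_rule":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        value = after.get("input_parameters")
        if value is None:
            continue  # rule takes no parameters
        verdict = classify(value)
        if verdict != "object":
            findings[rc["address"]] = verdict
    return findings

# Constructed plan fragment: rule "1" encodes a string, rule "2" encodes a map.
SAMPLE_PLAN = {"resource_changes": [
    {"address": 'aws_config_config_rule.managed_rules["1"]',
     "type": "aws_config_config_rule",
     "change": {"after": {"input_parameters": json.dumps(HEREDOC)}}},
    {"address": 'aws_config_config_rule.managed_rules["2"]',
     "type": "aws_config_config_rule",
     "change": {"after": {"input_parameters": json.dumps(
         {"MaximumExecutionFrequency": "TwentyFour_Hours"})}}},
]}

if __name__ == "__main__":
    for address, verdict in check_plan(SAMPLE_PLAN).items():
        print(f"{address}: input_parameters is {verdict}")
```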