resource "aws_organizations_policy" "tag_enforcement_eks" {
name = "tag_enforcement_eks"
content = <<EOT
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Deny if org:bu absent",
"Effect": "Deny",
"Action": [
"eks:CreateNodegroup",
"eks:CreateCluster"
],
"Resource": "*",
"Condition": {
"StringNotLike": {
"aws:RequestTag/org:bu": ${jsonencode(var.bu)}
}
}
},
{
"Sid": "Deny if org:zone absent",
"Effect": "Deny",
"Action": [
"eks:CreateNodegroup",
"eks:CreateCluster"
],
"Resource": "*",
"Condition": {
"StringNotLike": {
"aws:RequestTag/org:zone": ${jsonencode(var.zone)}
}
}
},
{
"Sid": "Deny if org:team absent",
"Effect": "Deny",
"Action": [
"eks:CreateNodegroup",
"eks:CreateCluster"
],
"Resource": "*",
"Condition": {
"StringNotLike": {
"aws:RequestTag/org:team": ${jsonencode(var.team)}
}
}
},
{
"Sid": "Deny if org:cluster absent",
"Effect": "Deny",
"Action": [
"eks:CreateNodegroup",
"eks:CreateCluster"
],
"Resource": "*",
"Condition": {
"StringNotLike": {
"aws:RequestTag/org:cluster": ${jsonencode(var.cluster)}
}
}
}
]
}
EOT
}
MalformedPolicyDocumentException:提供的策略文档不符合指定策略类型的要求。创建服务控制策略,我看到代码是正确的,无法验证问题出在哪里。谁能帮我吗?
错误在哪里?