How can I solve the error message I am receiving in my below code in my policy documents-CodePudding

I am getting the below error when i run terraform apply : Invalid template interpolation value var.oidc_condition_statement is list of string with 2 elements Cannot include the given value in a string template: string required.

resource "aws_iam_role" "Orchestration_role"{
    name = var.orchestration_role_name

    assume_role_policy = <<EOF
{
    "Version":"2012-10-17",
    "Statement": [
        {
           "Effect": "Allow",
           "Action": "sts:AssumeRoleWithWebIdentity",
           "Principal":{
               "Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
           },
           "Condition":{
               "ForAnyValue:StringLike":{
                   "token.actions.githubusercontent.com:sub": "${var.oidc_condition_statement}"
               }
           }
        }
    ]
}
EOF
}

variable.tf

variable "oidc_condition_statement"{
    type = list(string)
}

tfvars

oidc_condition_statement          = ["repo:organization/terraform-aws-githubaction:ref:refs/heads/staging","repo:organization/terraform-aws-githubaction:pull_request"]

CodePudding user response：

Please use jsonencode:

resource "aws_iam_role" "Orchestration_role"{
    name = var.orchestration_role_name

    assume_role_policy = <<EOF
{
    "Version":"2012-10-17",
    "Statement": [
        {
           "Effect": "Allow",
           "Action": "sts:AssumeRoleWithWebIdentity",
           "Principal":{
               "Federated":"arn:aws:iam::${var.aws_oidc_account}:oidc-provider/token.actions.githubusercontent.com"
           },
           "Condition":{
               "ForAnyValue:StringLike":{
                   "token.actions.githubusercontent.com:sub": ${jsonencode(var.oidc_condition_statement)}
               }
           }
        }
    ]
}
EOF
}