My intention was to get it to make all the resources, which are three lists, and concat them into one list, but I am getting this error: `Inappropriate value for attribute "resources": element 0: string required.`
Here is what I tried:
```
resources = [
  concat(
    [for b in concat(each.value.local_data_bucket_write, each.value.local_data_bucket_read) : "arn:aws:s3:::${b}"],
    [for b in concat(each.value.local_data_bucket_write, each.value.local_data_bucket_read) : "arn:aws:s3:::${b}/*"],
    ["arn:aws:sts:${var.aws_region}:${var.data_aws_account_id}:*"]
  )
]
```
CodePudding user response:
Your expression includes both surrounding brackets `[ ]` and a call to the `concat` function, which returns a list. Therefore your expression is producing an extra wrapping list, like this:
```
[
  [
    "arn:aws:s3:::example",
    "arn:aws:s3:::example/*",
    "arn:aws:sts:example:example:*",
  ],
]
```
Remove the surrounding `[ ]` brackets and instead assign the `concat` result directly to `resources`. That function result is naturally a list of strings, and so it will already be of a suitable type for an argument which expects a collection of strings.
CodePudding user response:
It seems that your code has a syntactical issue with an additional pair of `[ ]` in the `resources` section.
Refer to Specifying Multiple Resources in AWS IAM policies for more details.
The `concat` function already returns a list by combining multiple lists, so the correct code in your case should be:
```
resources = concat(
  [for b in concat(each.value.local_data_bucket_write, each.value.local_data_bucket_read) : "arn:aws:s3:::${b}"],
  [for b in concat(each.value.local_data_bucket_write, each.value.local_data_bucket_read) : "arn:aws:s3:::${b}/*"],
  ["arn:aws:sts:${var.aws_region}:${var.data_aws_account_id}:*"]
)
```