我试图在IAM角色中使用AWSBackupServiceRolePolicyForBackup
策略:
data "aws_iam_policy" "aws_backup_service_policy" {
arn = "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup"
}
resource "aws_iam_role_policy" "backup_service_aws_backup_role_policy" {
policy = data.aws_iam_policy.aws_backup_service_policy.policy
role = aws_iam_role.backup_service_role.name
}
结果是:
错误:正在放置IAM角色策略terraform—20240401140929162200000001:LimitExceeded:超过角色foundry—terraform—backup—service—role—dev的最大策略大小10240字节
This makes sense, as the json for the role is actually over the maximum policy size. However, I've tried minifying the JSON with:
```hcl
resource "aws_iam_role_policy" "backup_service_aws_backup_role_policy" {
policy = jsonencode(jsondecode(data.aws_iam_policy.aws_backup_service_policy.policy))
role = aws_iam_role.backup_service_role.name
}
如所述here:
从Terraform 0.12开始,您可以使用jsondecode和jsonencode的往返生成小型JSON,因为jsonencode总是生成最小的JSON.
如果我创建一个输出,我可以验证value
确实被缩小了:
output "policy_json" {
value = jsonencode(jsondecode(data.aws_iam_policy.aws_backup_service_policy.policy))
description = "the policy json"
但当我try apply
配置时,我最终会遇到同样的错误.为什么政策在申请时没有缩小?