 

Terraform - Cannot include the given value in a string template: string required

I'm trying to use Terraform to create a model on SageMaker by following this page. I can't assign a full access policy to the SageMaker role due to permission constraints, so I created a role and attached a policy with part of the permissions.

When I tested Terraform plan, it gave me this:

Error: Invalid template interpolation value
...
..........................
 141:                 "ecr:GetRepositoryPolicy"
 142:             ],
 143:             "Resource": [
 144:                 "arn:aws:s3:::${aws_s3_bucket.xx_xxxxxxxxxx_xxx_bucket}",
 145:                 "arn:aws:s3:::${local.binaries_bucket_name}",
 146:                 "arn:aws:s3:::${aws_s3_bucket.xx_xxxxxxxxxx_xxx_bucket}/*",
 147:                 "arn:aws:s3:::${local.binaries_bucket_name}/*",
 148:                 "arn:aws:ecr:us-east-1:*:repository/*",
 149.....................
 157:         }
 158:     ]
 159: }
 160: POLICY
    |----------------
    | aws_s3_bucket.xx_xxxxxxxxxx_xxx_bucket is object with 25 attributes

Cannot include the given value in a string template: string required.

I'm new to this, just wondering if this is complaining that the bucket name is too long or something else? What should I do to fix this? I'm a bit confused. Many thanks.

(PS: Terraform version v0.13.4 + provider registry.terraform.io/hashicorp/aws v3.20.0)

wawawa asked Oct 29 '25 14:10


1 Answer

It appears what you want here is the ARN of the S3 bucket, which is provided by exported resource attributes. Specifically, you probably want the arn resource attribute.

Updating your policy like:

 144:             "${aws_s3_bucket.xx_xxxxxxxxxx_xxx_bucket.arn}",
 146:             "${aws_s3_bucket.xx_xxxxxxxxxx_xxx_bucket.arn}/*",

will provide you with the String that you need by accessing the arn attribute. The currently written policy is accessing aws_s3_bucket.xx_xxxxxxxxxx_xxx_bucket, which is a Map (possibly Object) of every argument and attribute for that resource, and will not interpolate within the string of your policy.

Matt Schuchard answered Nov 01 '25 13:11
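An added example, not part of the original question or answer: a scoped role policy that takes the bucket ARN from the `arn` attribute and builds the ARN by hand only for the plain-string local. The resource names (`model_bucket`, `sagemaker`), the bucket names and the S3 action list are assumptions made for illustration.

```hcl
# Added example. All names and the S3 action list are assumptions.
locals {
  binaries_bucket_name = "example-binaries-bucket" # a string, so "${...}" is valid
}

resource "aws_s3_bucket" "model_bucket" {
  bucket = "example-model-bucket"
}

resource "aws_iam_role" "sagemaker" {
  name = "example-sagemaker-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "sagemaker.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy" "sagemaker_s3" {
  name = "example-sagemaker-s3"
  role = aws_iam_role.sagemaker.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Bucket-level action: Resource is the bucket ARN itself.
        Effect = "Allow"
        Action = ["s3:ListBucket"]
        Resource = [
          aws_s3_bucket.model_bucket.arn, # string attribute, not the whole object
          "arn:aws:s3:::${local.binaries_bucket_name}",
        ]
      },
      {
        # Object-level action: Resource is the bucket ARN plus "/*".
        Effect = "Allow"
        Action = ["s3:GetObject"]
        Resource = [
          "${aws_s3_bucket.model_bucket.arn}/*",
          "arn:aws:s3:::${local.binaries_bucket_name}/*",
        ]
      },
    ]
  })
}
```

Running `terraform validate` on a configuration like this catches a whole-resource reference inside a template before `plan` is run against the account.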