search

flosell / iam-policy-json-to-terraform

Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document
https://flosell.github.io/iam-policy-json-to-terraform/
Apache License 2.0
774 stars 58 forks source link

Be able to convert documents that have embedded terraform interpolations that break JSON parsing #16

Closed flosell closed 3 years ago

flosell commented 4 years ago

(triggered by #13)

When writing policy JSONs inline as heredoc, one often includes terraform interpolations for certain values, e.g.

locals {
  path_elements = ["foo","bar"]
}

resource "aws_iam_policy" "policy" {
  name        = "test_policy"
  path        = "/"
  description = "My test policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::foo/${join("/",local.path_elements)}"
    }
  ]
}
EOF
}

In this example, the extra quotes inside the interpolation make this invalid JSON, we can't parse it.

flosell commented 3 years ago

Fix released in v1.6.0