flosell
commented
2 years ago Hi @joemilacek, thanks for reaching out! Looking at your example, my guess is this is coming from a CloudFormation Template? Those are slightly different from the plain IAM policy documents this tool is intended for.
Using only the PolicyDocument part and stripping out CF-specifics (the FN::Sub in your example) would convert:
{
"Version": "2012-10-17",
"Statement":
{
"Effect": "Allow",
"Action": [
"lambda:Get*",
"lambda:List*",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:UpdateFunctionCode",
"lambda:PublishVersion",
"lambda:CreateAlias",
"lambda:DeleteAlias",
"lambda:UpdateAlias",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:InvokeFunction"
],
"Resource": ["arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${AppId}-*"]
}
}Now, beyond this, you actually raise two good, more general points:
- There probably should be a better error message for cases like this, where the input isn't what was expected
- Being able to convert CloudFormation snippets into Terraform might actually be an interesting use-case. I'm guessing it'd be a bit more involved, esp. with things like substitution. But if there's enough interest, this might still be worth exploring.
What do you think?
I keep pasting different sections of IAM policy JSON into the web converter and nothing happens. Which section of policy do I start at? Can I include multiple policies in one? The tool isn't giving me any feedback.
This sounds great but it is not working for me without some more specific information.
For example:
...results in nothing:
Other pastes w/ actual formatting issues do give some error output, so it's not like the whole web app isn't working for me.
I'm sure I'm doing something wrong, but if it's not too much trouble to hint at what it could be, that would be awesome!
This could just be my ignorance though!!