lyft / metadataproxy

A proxy for AWS's metadata service that gives out scoped IAM credentials from STS

Error when creating trust policy #53

Closed amitsaha closed 7 years ago

amitsaha commented 7 years ago

Hello, I am following the README and while trying to create a trust policy as follows:

+ aws_iam_role_policy.SomePolicy
    name:   "SomeRole"
    policy: "{
  \"Version\": \"2012-10-17\",
  \"Statement\": [
    {
      \"Sid\": \"\",
      \"Effect\": \"Allow\",
      \"Action\": \"sts:AssumeRole\",
      \"Principal\": {
        \"AWS\": \"arn:aws:iam::<account-id>:root\",
        \"Service\": \"ec2.amazonaws.com\"
      }
    }
  ]
}"
    role:   "Role_name"

I get the following:

MalformedPolicyDocument: Policy document should not specify a principal.

FWIW, I am doing this via Terraform:

data "aws_iam_policy_document" "trust-assume-role-policy" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::<account-id>:root"]
    }
  }
}

resource "aws_iam_role_policy" "TrustUser" {
  name   = "TrustUser"
  role   = "SomeRole"
  policy = "${data.aws_iam_policy_document.trust-assume-role-policy.json}"
}

Not sure what I am doing wrong here. Any suggestions?

I could update the relationship using the Web UI, but I am not able to do it via Terraform. Filed an issue with Terraform as well. https://github.com/hashicorp/terraform/issues/13449

ryan-lane commented 7 years ago

I think you need to specify this as multiple statements, rather than having both principals in the same statement.

amitsaha commented 7 years ago

@ryan-lane thanks for the response. It didn't work; I get the same error. Do you have any other ideas? Not sure; probably it's a Terraform bug.

Thanks.

ryan-lane commented 7 years ago

Not totally sure. May want to ask the Terraform folks for help. We're using SaltStack for AWS orchestration and the trust policies we define like this are working (though we have ours listed as multiple statements).

ryan-lane commented 7 years ago

Going to close this out, since it's not directly related to metadataproxy.

eric-aldinger commented 7 years ago

The answer is that the documentation is a bit off for Terraform. Include your principals in an identifiers array.

data "aws_iam_policy_document" "report_ami_principals" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = [
        "ec2.amazonaws.com",
        "events.amazonaws.com",
        "logs.us-west-1.amazonaws.com",
        "logs.us-west-2.amazonaws.com",
        "logs.us-east-1.amazonaws.com",
        "logs.us-east-2.amazonaws.com",
        "rds.amazonaws.com",
        "s3.amazonaws.com",
        "monitoring.rds.amazonaws.com",
      ]
    }
  }
}
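Added here as a worked example, not code from the thread or from the metadataproxy project: the MalformedPolicyDocument error above is what IAM returns when a Principal element appears in a permissions policy, which is what aws_iam_role_policy creates; a role's trust policy is instead set through the assume_role_policy attribute of aws_iam_role, with the permissions the container needs kept in a separate policy. Terraform 0.12+ syntax is assumed; the role name, account id and bucket name are placeholders.

```hcl
data "aws_iam_policy_document" "trust_assume_role_policy" {
  # One statement per principal type, as suggested in the thread.
  statement {
    sid     = "AllowEC2Service"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }

  statement {
    sid     = "AllowAccountRoot"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      # Placeholder account id; replace with the account that runs metadataproxy.
      identifiers = ["arn:aws:iam::<account-id>:root"]
    }
  }
}

# The trust policy is an attribute of the role itself, not a separate policy resource.
resource "aws_iam_role" "container_role" {
  name               = "SomeRole"
  assume_role_policy = data.aws_iam_policy_document.trust_assume_role_policy.json
}

# aws_iam_role_policy carries the permissions the container needs; it must
# not contain a Principal element. Placeholder: read-only listing of one bucket.
data "aws_iam_policy_document" "container_permissions" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::<bucket-name>"]
  }
}

resource "aws_iam_role_policy" "container_permissions" {
  name   = "ContainerPermissions"
  role   = aws_iam_role.container_role.id
  policy = data.aws_iam_policy_document.container_permissions.json
}
```

Keeping the trust policy and the permissions policy as separate documents also makes it easy to review which principals may assume the role independently of what the role may do once assumed.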