您可以用一个列表集中存储各个 IAM 策略的 ARN,在定义 IAM 角色和策略时直接引用列表中的 ARN,从而避免多次导入相同的 IAM 策略。
以下是示例代码,其中包含如何通过列表来解决该问题:
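# Keep every AWS-managed policy ARN in one list so that each ARN is written
# once and referenced by index wherever a role or policy needs it.
# NOTE(review): both entries are *FullAccess managed policies, i.e. every
# action of the service on every resource. Replace them with scoped policies
# wherever the workload allows it.
policy_arns = [
    "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
]

# Customer-managed policy restricted to the objects of one bucket.
# The statement element is "Action" (singular); "Actions" is not a valid
# policy element and the document would be rejected as malformed.
# NOTE(review): the original listing read "s3:" and a resource ending in "/";
# the wildcard characters appear to have been lost in extraction. Explicit
# object-level actions are listed here as a sample instead of "s3:*" --
# adjust the list to what the workload actually needs.
iam_policy1 = aws_iam_policy(
    "example-policy1",
    policy=json.dumps(
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": ["s3:GetObject", "s3:PutObject"],
                    "Effect": "Allow",
                    "Resource": ["arn:aws:s3:::example-bucket/*"],
                }
            ],
        }
    ),
    description="Example policy 1",
)

# NOTE(review): policy_arns[1] names an AWS-managed policy that already
# exists; confirm that this helper accepts `policy_arn` and what it creates.
iam_policy2 = aws_iam_policy(
    "example-policy2",
    policy_arn=policy_arns[1],
    description="Example policy 2",
)

# Trust policy: only the EC2 service principal may assume this role.
iam_role = aws_iam_role(
    "example-role",
    assume_role_policy=json.dumps(
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {"Service": "ec2.amazonaws.com"},
                    "Action": "sts:AssumeRole",
                }
            ],
        }
    ),
    description="Example role",
)

# Attaches AmazonS3FullAccess (policy_arns[0]) to the role by ARN.
# NOTE(review): iam_policy1 above is defined but never attached; to give the
# role only bucket-scoped access, attach that policy's ARN here instead of
# the FullAccess managed policy.
aws_iam_role_policy_attachment(
    "example-attachment",
    role=iam_role.name,
    policy_arn=policy_arns[0],
)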