by Jordi Prats
Sometimes we need to generate a quoted, comma-separated list of strings out of a variable that is a list of strings, for example, to generate an IAM policy like this one:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ],
      "Resource": [ "arn:aws:secretsmanager:...", "arn:aws:secretsmanager:.." ]
    }
  ]
}
To do so we can take advantage of the jsonencode function, which produces compact JSON that we will push into a template. First we have to create a template like this one; in this example the ARN_LIST variable will hold the JSON array:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ],
      "Resource": ${ARN_LIST}
    }
  ]
}
So now we'll have to create the policy like this:
resource "aws_iam_policy" "policy" {
  name   = "policy"
  path   = "/example/jsonencode/"
  policy = templatefile("${path.module}/iam_policies/external-secrets.json",
    {
      ARN_LIST = jsonencode(var.secretsmanager_arns)
    })
}
Thus, ARN_LIST will hold the list encoded as a JSON array in a string, which matches what the policy expects, rendering the policy we wanted to generate in the first place.
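Because whatever is in var.secretsmanager_arns ends up verbatim in the policy's Resource element, it is worth validating the variable before it reaches the template. The declaration below is an added example, not part of the original post; the regular expression and the rule that rejects an empty list or a bare "*" are assumptions about what this policy should be allowed to cover.

```hcl
# Added example: declaration for the variable used in the post, with
# validation so the rendered "Resource" array only contains Secrets Manager
# secret ARNs. The pattern below is an assumption, adjust it to your naming.
variable "secretsmanager_arns" {
  type        = list(string)
  description = "ARNs of the Secrets Manager secrets the policy grants read access to."

  # An empty list would render "Resource": [] in the template.
  validation {
    condition     = length(var.secretsmanager_arns) > 0
    error_message = "At least one Secrets Manager secret ARN is required."
  }

  # Reject a bare "*" and ARNs that belong to any other service, so a typo
  # or a copied value cannot silently widen what the policy allows.
  validation {
    condition = alltrue([
      for arn in var.secretsmanager_arns :
      can(regex("^arn:aws[a-z-]*:secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:.+$", arn))
    ])
    error_message = "Each entry must be a Secrets Manager secret ARN (arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:NAME)."
  }
}

# Exposes the exact string that templatefile() substitutes for ${ARN_LIST},
# which makes the generated Resource list easy to review in the plan output.
output "rendered_arn_list" {
  value = jsonencode(var.secretsmanager_arns)
}
```

Since jsonencode also escapes quotes and backslashes inside each element, a malformed value cannot break out of the JSON array the way a hand-built quoted string could.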
Posted on 03/11/2021