Terraform, aws_sns_topic_policy: use heredoc for policy and interpolate variable inside heredoc

I wanted to update my SNS target policy using Terraform; below is my code. But my terraform plan is failing with the error below.

Expected the start of an expression, but found an invalid expression token.
Error: Argument or block definition required

And the second query is how I can interpolate the ARN name inside the heredoc. I am learning Terraform, so I am unsure what is going wrong.

resource "aws_sns_topic_policy" "default" {
  arn                   = aws_sns_topic.topic_name.arn
  policy              = <<EOF 
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish"
      ],
      "Resource": "aws_sns_topic.topic_name.arn",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "local.account_id"
        }
      }
    },
    {
      "Sid": "AWSEvents_Datasync",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "aws_sns_topic.topic_name.arn"
    }
  ]
}
EOF
}

>Solution :

You haven’t indicated to Terraform that you want to interpolate any of the values inside the heredoc; you have just added them all as plain strings. You need to wrap each interpolated value in ${} to interpolate those values:

resource "aws_sns_topic_policy" "default" {
  arn    = aws_sns_topic.topic_name.arn
  # The heredoc marker must be followed directly by a newline (no trailing whitespace).
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish"
      ],
      "Resource": "${aws_sns_topic.topic_name.arn}",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "${local.account_id}"
        }
      }
    },
    {
      "Sid": "AWSEvents_Datasync",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "${aws_sns_topic.datasync_task_sns[0].arn}"
    }
  ]
}
EOF
}

Note that the AWS Terraform provider has a helper for creating policy documents and generating the policy JSON string. This is often cleaner to use and less error-prone than using heredocs.
