How to use variables in a policy to replace the AccountId

0 votes

Hi Folks,
Please, how can I replace AwsAccountId in a policy with a variable? I am trying to define the AccountId as a variable, but I am getting this error message: "Invalid reference. A reference to a resource type must be followed by at least one attribute access, specifying the resource name." I already defined my Terraform.tfvars as: AwsAccountId = "1234567890". Please help me out, guys. Thanks in advance.

    {
        "Sid": "Enable IAM Policies",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::${AwsAccountId}:root"
        },
        "Action": "kms:*",
        "Resource": "*"
    },
    {
        "Sid": "Allow CloudTrail to encrypt logs",
        "Effect": "Allow",
        "Principal": {
            "Service": "cloudtrail.amazonaws.com"
        },
        "Action": "kms:GenerateDataKey*",
        "Resource": "*",
        "Condition": {
            "StringLike": {
                "kms:EncryptionContext:aws:cloudtrail:arn": "arn:aws:cloudtrail:*:${AwsAccountId}:trail/*"

Jul 18, 2021 in AWS by bibi

edited Mar 4 52 views
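
The error quoted in the question is what Terraform reports when an interpolation names a bare identifier: `${AwsAccountId}` is parsed as a resource type, whereas an input variable is referenced as `var.<name>`. The following is an added example, not the poster's code. It assumes the two statements belong to a KMS key policy, and the resource name `cloudtrail` and the variable validation are illustrative additions.

```hcl
# Added example. Declares the variable that terraform.tfvars sets.
variable "AwsAccountId" {
  type        = string
  description = "AWS account ID, set in terraform.tfvars"

  # AWS account IDs are 12 digits; the 10-digit sample value in the
  # question is a placeholder and would be rejected by this check.
  validation {
    condition     = can(regex("^[0-9]{12}$", var.AwsAccountId))
    error_message = "AwsAccountId must be exactly 12 digits."
  }
}

# Hypothetical resource name; the question does not show where the policy is attached.
resource "aws_kms_key" "cloudtrail" {
  description = "Key for CloudTrail log encryption"

  # jsonencode builds the policy from HCL values, so the JSON is always
  # well-formed and the account ID is interpolated via var.AwsAccountId.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "Enable IAM Policies"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${var.AwsAccountId}:root" }
        Action    = "kms:*"
        Resource  = "*"
      },
      {
        Sid       = "Allow CloudTrail to encrypt logs"
        Effect    = "Allow"
        Principal = { Service = "cloudtrail.amazonaws.com" }
        Action    = "kms:GenerateDataKey*"
        Resource  = "*"
        Condition = {
          StringLike = {
            # Scopes the grant to trails in this account only.
            "kms:EncryptionContext:aws:cloudtrail:arn" = "arn:aws:cloudtrail:*:${var.AwsAccountId}:trail/*"
          }
        }
      }
    ]
  })
}
```

If the policy stays in a heredoc string instead, the same `${var.AwsAccountId}` reference works there. The account ID can also be read from the `aws_caller_identity` data source (`account_id` attribute) rather than passed in as a variable.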

No answer to this question. Be the first to respond.
