CodexBloom - Programming Q&A Platform

Terraform Invalid Function Argument Error When Using Local Variables in AWS SNS Topic Policy

👀 Views: 29 💬 Answers: 1 📅 Created: 2025-07-02
terraform aws sns HCL

I tried several approaches but none seem to work. I'm running into an issue with my Terraform configuration while trying to define an AWS SNS topic policy using local variables. The intention is to have a flexible policy that can accommodate different users based on their roles. However, I'm getting an 'Invalid function argument' error, which seems to stem from how I'm referencing the local variable within the policy. Here's a snippet of my code:

```hcl
# Map of role names to IAM role ARNs
locals {
  user_roles = {
    "admin" = "arn:aws:iam::123456789012:role/AdminRole",
    "user"  = "arn:aws:iam::123456789012:role/UserRole"
  }
}

resource "aws_sns_topic" "my_topic" {
  name = "my_sns_topic"
}

# Topic policy: allow publishing only when the caller's ARN is the admin role
resource "aws_sns_topic_policy" "my_topic_policy" {
  arn = aws_sns_topic.my_topic.arn

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = "*"
        Action    = "SNS:Publish"
        Resource  = aws_sns_topic.my_topic.arn
        Condition = {
          StringEquals = {
            "aws:PrincipalArn" = local.user_roles["admin"]
          }
        }
      }
    ]
  })
}
```

When I run `terraform apply`, I get the error:

```
Error: Invalid function argument

  on main.tf line 15, in resource "aws_sns_topic_policy" "my_topic_policy":
  15: "aws:PrincipalArn" = local.user_roles["admin"]

This value must be a string.
```

I've verified that the role ARN exists and that it's a valid string, but I suspect that the way I'm trying to reference `local.user_roles` might be incorrect. I've also tried to hardcode the ARN directly in the condition to check if it's a local variable issue, and that worked fine, so it seems isolated to how I'm using the local variable within the context of the JSON structure in the policy. I'm using Terraform version 1.3.0. Any suggestions on how to resolve this would be greatly appreciated!

For context: I'm using HCL on Windows. This issue appeared after updating to HCL 3.10. I've been using HCL for about a year now. My team is using HCL for this REST API. Any ideas how to fix this?
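
The statement from the question, written as an added example (not part of the original post) with a type-constrained map and the `aws_iam_policy_document` data source, so a non-string or malformed role ARN is rejected at plan time instead of surfacing inside the policy. The variable name `user_roles`, the validation regex, and the data source name `topic_publish` are assumptions made for this example.

```hcl
# Assumption: role ARNs are passed as a typed variable instead of a local,
# so Terraform enforces map(string) before the policy is rendered.
variable "user_roles" {
  type = map(string)
  default = {
    admin = "arn:aws:iam::123456789012:role/AdminRole"
    user  = "arn:aws:iam::123456789012:role/UserRole"
  }

  validation {
    # Every value must look like an IAM role ARN (regex is illustrative).
    condition = alltrue([
      for arn in values(var.user_roles) :
      can(regex("^arn:aws:iam::[0-9]{12}:role/.+$", arn))
    ])
    error_message = "Each user_roles value must be an IAM role ARN string."
  }
}

resource "aws_sns_topic" "my_topic" {
  name = "my_sns_topic"
}

data "aws_iam_policy_document" "topic_publish" {
  statement {
    effect    = "Allow"
    actions   = ["SNS:Publish"]
    resources = [aws_sns_topic.my_topic.arn]

    # Renders as "Principal": "*", matching the policy in the question.
    principals {
      type        = "*"
      identifiers = ["*"]
    }

    # The wildcard principal is narrowed to the admin role by this condition.
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalArn"
      values   = [var.user_roles["admin"]]
    }
  }
}

resource "aws_sns_topic_policy" "my_topic_policy" {
  arn    = aws_sns_topic.my_topic.arn
  policy = data.aws_iam_policy_document.topic_publish.json
}
```

Because the principal is `*`, the `aws:PrincipalArn` condition is the only thing restricting who can publish; if it is dropped or its value resolves to something unexpected, the topic is open to any principal.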