
I wanted to update my SNS target policy using Terraform; below is my code. But my terraform plan is failing with the below error.

Expected the start of an expression, but found an invalid expression token.
Error: Argument or block definition required

And the second query is how I can interpolate the ARN name inside the heredoc. I'm learning Terraform, so I'm unsure what is going wrong.

resource "aws_sns_topic_policy" "default" {
  arn                   = aws_sns_topic.topic_name.arn
  policy              = <<EOF 
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish"
      ],
      "Resource": "aws_sns_topic.topic_name.arn",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "local.account_id"
        }
      }
    },
    {
      "Sid": "AWSEvents_Datasync",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "aws_sns_topic.topic_name.arn"
    }
  ]
}
EOF
}

1 Answer

You haven't indicated to Terraform that you want to interpolate any of the values inside the heredoc; you have just added them all as plain strings. You need to wrap each interpolated value in ${} to interpolate those values:

resource "aws_sns_topic_policy" "default" {
  arn    = aws_sns_topic.topic_name.arn
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish"
      ],
      "Resource": "${aws_sns_topic.topic_name.arn}",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "${local.account_id}"
        }
      }
    },
    {
      "Sid": "AWSEvents_Datasync",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "${aws_sns_topic.datasync_task_sns[0].arn}"
    }
  ]
}
EOF
}

Note that the AWS Terraform provider has a helper for creating policy documents and generating the policy JSON string. This is often cleaner to use and less error-prone than using heredocs.


3 Comments

Hi @Mark B - Thanks, I have updated the code now. Still the plan is failing with the below error. Error: Invalid expression on module.tf line 110, in resource "aws_sns_topic_policy" "default": 110: policy = <<EOF Expected the start of an expression, but found an invalid expression token. Error: Argument or block definition required
Make sure you don't have any spaces after <<EOF. There should be nothing but a newline after that.
Perfect thanks, fixed now.
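
The policy-document helper mentioned in the answer is the `aws_iam_policy_document` data source. As an added example (not code from the original question or answer), here is the same policy written with it, assuming `aws_sns_topic.topic_name` and `local.account_id` are defined as in the question; the data source name `sns_topic` is hypothetical.

```hcl
# Added example. Assumes aws_sns_topic.topic_name and local.account_id
# exist as in the question; "sns_topic" is a hypothetical name.
data "aws_iam_policy_document" "sns_topic" {
  policy_id = "__default_policy_ID"
  version   = "2008-10-17"

  statement {
    sid    = "__default_statement_ID"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    actions = [
      "SNS:GetTopicAttributes",
      "SNS:SetTopicAttributes",
      "SNS:AddPermission",
      "SNS:RemovePermission",
      "SNS:DeleteTopic",
      "SNS:Subscribe",
      "SNS:ListSubscriptionsByTopic",
      "SNS:Publish",
    ]
    # Plain references: no heredoc and no ${} wrapping needed.
    resources = [aws_sns_topic.topic_name.arn]

    # The principal is "*", so this condition is what restricts the
    # statement to the owning account. It must resolve to the real ID.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [local.account_id]
    }
  }

  statement {
    sid    = "AWSEvents_Datasync"
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.topic_name.arn]
  }
}

resource "aws_sns_topic_policy" "default" {
  arn    = aws_sns_topic.topic_name.arn
  policy = data.aws_iam_policy_document.sns_topic.json
}
```

With this form a mistyped reference fails at plan time instead of being written into the policy as a literal string such as "local.account_id", which is what the un-interpolated heredoc in the question would have produced for the `AWS:SourceOwner` condition.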
