创建IAM角色时出错。 MalformedPolicyDocument:具有禁止字段Resource。地貌

我看过几个链接,但我必须看一个例子。 我有:

resource "aws_iam_role" "role" {
  name = "role"

  assume_role_policy = <<-EOF
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "Stmt1590217939125",
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::wwe"
      },
      {
        "Sid": "Stmt1590217939125",
        "Action": "s3:*",
        "Effect": "Allow",
        "Resource": "arn:aws:s3:::wwe/*"
      },
      {
        "Sid": "Stmt1577967806846",
        "Action": [
          "secretsmanager:DescribeSecret",
          "secretsmanager:GetRandomPassword",
          "secretsmanager:GetResourcePolicy",
          "secretsmanager:GetSecretValue",
          "secretsmanager:ListSecretVersionIds",
          "secretsmanager:ListSecrets"
        ],
        "Effect": "Allow",
        "Resource": "*"
      }
    ]
}
  EOF
  tags = {
    Name        = wwe
    Environment = STAGE
  }
}

当我做的时候

terraform apply

我看到了:

  # aws_iam_role.role will be created
  + resource "aws_iam_role" "role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = "s3:*"
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::wwe"
                      + Sid      = "Stmt1590217939125"
                    },
                  + {
                      + Action   = "s3:*"
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::wwe/*"
                      + Sid      = "Stmt1590217939125"
                    },
                  + {
                      + Action   = [
                          + "secretsmanager:DescribeSecret",
                          + "secretsmanager:GetRandomPassword",
                          + "secretsmanager:GetResourcePolicy",
                          + "secretsmanager:GetSecretValue",
                          + "secretsmanager:ListSecretVersionIds",
                          + "secretsmanager:ListSecrets",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "Stmt1577967806846"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = "role"
      + path                  = "/"
      + tags                  = {
          + "Environment" = "STAGE"
          + "Name"        = "wwe"
        }
      + unique_id             = (known after apply)
    }

After, when I am writing yes, I see:

Error: Error creating IAM Role role: MalformedPolicyDocument: Has prohibited field Resource
        status code: 400

哪里,我有错误?请不要发布指向相同问题的链接。我不明白,如果有错误,请问您有没有错误的例子? 感谢您的关注。