Difference between revisions of "Terraform resources: aws s3 bucket policy"
Jump to navigation
Jump to search
| Line 2: | Line 2: | ||
aws_s3_bucket_policy | aws_s3_bucket_policy | ||
| + | |||
| + | == Official example == | ||
| + | <pre> | ||
| + | resource "aws_s3_bucket" "example" { | ||
| + | bucket = "my-tf-test-bucket" | ||
| + | } | ||
| + | |||
| + | resource "aws_s3_bucket_policy" "allow_access_from_another_account" { | ||
| + | bucket = aws_s3_bucket.example.id | ||
| + | policy = data.aws_iam_policy_document.allow_access_from_another_account.json | ||
| + | } | ||
| + | |||
| + | data "aws_iam_policy_document" "allow_access_from_another_account" { | ||
| + | statement { | ||
| + | principals { | ||
| + | type = "AWS" | ||
| + | identifiers = ["123456789012"] | ||
| + | } | ||
| + | |||
| + | actions = [ | ||
| + | "s3:GetObject", | ||
| + | "s3:ListBucket", | ||
| + | ] | ||
| + | |||
| + | resources = [ | ||
| + | aws_s3_bucket.example.arn, | ||
| + | "${aws_s3_bucket.example.arn}/*", | ||
| + | ] | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
Revision as of 13:51, 2 March 2023
aws_s3_bucket_policy
Official example
resource "aws_s3_bucket" "example" {
bucket = "my-tf-test-bucket"
}
resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
bucket = aws_s3_bucket.example.id
policy = data.aws_iam_policy_document.allow_access_from_another_account.json
}
data "aws_iam_policy_document" "allow_access_from_another_account" {
statement {
principals {
type = "AWS"
identifiers = ["123456789012"]
}
actions = [
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.example.arn,
"${aws_s3_bucket.example.arn}/*",
]
}
}
See also
- Terraform S3 resources:
aws_s3_bucket, aws_s3_object, aws_s3_bucket_policy, aws_s3_bucket_acl, aws_s3_bucket_website_configuration, aws_s3_bucket cors_configuration, aws_s3_account_public_access_block, Terraform module: s3-bucket,aws_s3_bucket_versioning, aws_s3_bucket_server_side_encryption_configuration, aws_s3_bucket_logging
Advertising:
