Difference between revisions of "Terraform resources: aws s3 bucket policy"
Jump to navigation
Jump to search
| Line 11: | Line 11: | ||
resource "aws_s3_bucket_policy" "allow_access_from_another_account" { | resource "aws_s3_bucket_policy" "allow_access_from_another_account" { | ||
bucket = aws_s3_bucket.example.id | bucket = aws_s3_bucket.example.id | ||
| − | policy = data.aws_iam_policy_document.allow_access_from_another_account.json | + | policy = [[data.]]aws_iam_policy_document.allow_access_from_another_account.json |
} | } | ||
| Line 33: | Line 33: | ||
} | } | ||
</pre> | </pre> | ||
| − | |||
== See also == | == See also == | ||
Revision as of 13:52, 2 March 2023
aws_s3_bucket_policy
Official example
resource "aws_s3_bucket" "example" {
bucket = "my-tf-test-bucket"
}
resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
bucket = aws_s3_bucket.example.id
policy = [[data.]]aws_iam_policy_document.allow_access_from_another_account.json
}
data "aws_iam_policy_document" "allow_access_from_another_account" {
statement {
principals {
type = "AWS"
identifiers = ["123456789012"]
}
actions = [
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.example.arn,
"${aws_s3_bucket.example.arn}/*",
]
}
}
See also
- Terraform S3 resources:
aws_s3_bucket, aws_s3_object, aws_s3_bucket_policy, aws_s3_bucket_acl, aws_s3_bucket_website_configuration, aws_s3_bucket cors_configuration, aws_s3_account_public_access_block, Terraform module: s3-bucket,aws_s3_bucket_versioning, aws_s3_bucket_server_side_encryption_configuration, aws_s3_bucket_logging
Advertising:
