[Posted]: 2021-09-02 10:08:52
[Question]:
I am trying to set up an S3 bucket policy in Terraform. I wrote the following code in the module core/main.tf:
```hcl
resource "aws_s3_bucket_policy" "access_to_bucket" {
  bucket = aws_s3_bucket.some_bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action    = ["s3:GetObject", "s3:GetObjectAcl", "s3:ListBucket"]
        Effect    = "Allow"
        Principal = "${var.some_variable_name}"
        Resource = [
          "${aws_s3_bucket.some_bucket.arn}",
          "${aws_s3_bucket.some_bucket.arn}/*"
        ]
      },
    ]
  })
}
```
It is then instantiated in a local module, which runs locally using localstack.
This is the generated plan:
```text
Terraform will perform the following actions:

  # module.local.aws_s3_bucket_policy.access_to_bucket will be created
  + resource "aws_s3_bucket_policy" "access_to_bucket" {
      + bucket = "some_bucket"
      + id     = (known after apply)
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = [
                          + "s3:GetObject",
                          + "s3:GetObjectAcl",
                          + "s3:ListBucket",
                        ]
                      + Effect    = "Allow"
                      + Principal = "arn:aws:iam::000000000000:role/test_role"
                      + Resource  = [
                          + "arn:aws:s3:::some-bucket/*",
                          + "arn:aws:s3:::some-bucket",
                        ]
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
    }

╷
│ Error: Error putting S3 policy: MalformedPolicy: Invalid policy syntax.
│       status code: 400, request id, host id
│
│   with module.local.aws_s3_bucket_policy.access_to_bucket,
│   on ../core/main.tf line 55, in resource "aws_s3_bucket_policy" "access_to_bucket":
│   55: resource "aws_s3_bucket_policy" "access_to_bucket" {
│
```
Running it both locally and in AWS ends with this error. I guess it is a syntax error somewhere, but AFAIK this is correct. Any clues?
[Discussion]:
Tags: amazon-web-services amazon-s3 terraform terraform-provider-aws
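The part of the policy S3 rejects is the `Principal`. In a bucket (resource-based) policy, a bare string is only accepted for the wildcard `"*"`; an IAM role, user or account ARN has to be wrapped in an object keyed by `"AWS"`. `jsonencode` happily emits `"Principal": "arn:aws:iam::..."`, which is well-formed JSON, so `terraform validate` and `terraform plan` pass and the `MalformedPolicy` error only surfaces when the S3 API parses the document at apply time. The following is an added example, not the asker's code, showing the same policy with the principal in object form. It assumes the same inputs as the question (`aws_s3_bucket.some_bucket` and `var.some_variable_name` holding a role ARN such as the `arn:aws:iam::000000000000:role/test_role` seen in the plan) and additionally splits the statement so that the bucket-level action stays on the bucket ARN and the object-level actions on the object ARN, which is tighter than granting all three actions on both:

```hcl
# Added example (not from the original question). Assumes var.some_variable_name
# carries a single IAM principal ARN, e.g. arn:aws:iam::000000000000:role/test_role.
variable "some_variable_name" {
  description = "ARN of the IAM principal allowed to read the bucket"
  type        = string
}

resource "aws_s3_bucket" "some_bucket" {
  bucket = "some-bucket"
}

resource "aws_s3_bucket_policy" "access_to_bucket" {
  bucket = aws_s3_bucket.some_bucket.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "AllowBucketListFromNamedPrincipal"
        Effect = "Allow"
        # Object form keyed by "AWS"; a bare ARN string here is what S3 rejects
        # as MalformedPolicy. Only "*" may be given as a plain string.
        Principal = {
          AWS = var.some_variable_name
        }
        # s3:ListBucket is evaluated against the bucket ARN itself
        Action   = ["s3:ListBucket"]
        Resource = aws_s3_bucket.some_bucket.arn
      },
      {
        Sid    = "AllowObjectReadFromNamedPrincipal"
        Effect = "Allow"
        Principal = {
          AWS = var.some_variable_name
        }
        # Object actions are evaluated against the object ARN pattern
        Action   = ["s3:GetObject", "s3:GetObjectAcl"]
        Resource = "${aws_s3_bucket.some_bucket.arn}/*"
      },
    ]
  })
}
```

Two notes on the original snippet beyond the principal shape: `"${var.some_variable_name}"` and `"${aws_s3_bucket.some_bucket.arn}"` are interpolation-only strings, so Terraform 0.12+ accepts the bare expressions `var.some_variable_name` and `aws_s3_bucket.some_bucket.arn` and warns about the wrapped form; and if you would rather have the provider build the document for you, the `aws_iam_policy_document` data source with a `principals { type = "AWS" identifiers = [var.some_variable_name] }` block produces the same object-form principal and cannot emit the malformed string variant.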