【Posted】: 2021-12-14 11:03:36
【Question】:
I created 2 buckets. One is always created, and one is created only when env is QA.
# Bucket that is always created.
resource "aws_s3_bucket" "bucket_always" {
  bucket_prefix = format("bucket.always")
  acl           = "private"

  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"
      }
    }
  }
}

# Bucket that only exists when var.name is "qa"; count makes this a list of 0 or 1 instances.
resource "aws_s3_bucket" "bucket_conditional" {
  count         = var.name == "qa" ? 1 : 0
  bucket_prefix = format("bucket.conditional")
  acl           = "private"

  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"
      }
    }
  }
}
Now how do I create the IAM policy and add both bucket ARNs? Because of the conditional bucket, the following policy does not work:
data "aws_iam_policy_document" "test_policy_document" {
  statement {
    actions = [
      "s3:ListBucket",
    ]
    resources = [
      aws_s3_bucket.bucket_always.arn,
      # Fails: bucket_conditional has count set, so its attributes must be accessed on an instance.
      aws_s3_bucket.bucket_conditional.arn,
    ]
  }

  statement {
    actions = [
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject",
    ]
    resources = [
      "${aws_s3_bucket.bucket_always.arn}/*",
      "${aws_s3_bucket.bucket_conditional.arn}/*",
    ]
  }
}
【Discussion】:
Tags: terraform terraform-provider-aws
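One way to build the policy so it is valid whether or not the conditional bucket exists, as an added example that is not part of the original question. A resource with `count` is a list, and the splat expression `aws_s3_bucket.bucket_conditional[*].arn` yields an empty list when `count` is 0, so `concat` produces either one or two ARNs without any conditional logic in the policy itself. The `aws_iam_policy` resource and its `name` are assumptions added to show the document being attached to something; the bucket resources are the ones from the question.

```hcl
# Added example (not from the original question): reference a counted
# resource through a splat so the policy is valid when count is 0 or 1.
locals {
  # [*] on a counted resource returns [] when count = 0, so concat()
  # yields either one or two bucket ARNs.
  bucket_arns = concat(
    [aws_s3_bucket.bucket_always.arn],
    aws_s3_bucket.bucket_conditional[*].arn,
  )

  # Object-level ARNs derived from the same list, so the two statements
  # can never drift apart.
  object_arns = [for arn in local.bucket_arns : "${arn}/*"]
}

data "aws_iam_policy_document" "test_policy_document" {
  statement {
    sid       = "ListBuckets"
    actions   = ["s3:ListBucket"]
    resources = local.bucket_arns
  }

  statement {
    sid = "ObjectAccess"
    actions = [
      "s3:PutObject",
      "s3:GetObject",
      "s3:DeleteObject",
    ]
    resources = local.object_arns
  }
}

# Assumed resource and name, added so the document is attached to a policy.
resource "aws_iam_policy" "test_policy" {
  name   = "test-bucket-access"
  policy = data.aws_iam_policy_document.test_policy_document.json
}
```

Two practical notes. First, the question's buckets use `sse_algorithm = "aws:kms"` without a key ID, which means the AWS managed `aws/s3` key; if you later switch to a customer managed key, the same principal also needs `kms:GenerateDataKey` and `kms:Decrypt` on that key or `PutObject` and `GetObject` will be denied even though the S3 statements above allow them. Second, the inline `acl`, `versioning` and `server_side_encryption_configuration` arguments were valid when this was posted but were deprecated in AWS provider 4.0 in favour of the separate `aws_s3_bucket_acl`, `aws_s3_bucket_versioning` and `aws_s3_bucket_server_side_encryption_configuration` resources; the splat pattern above is unaffected by that change.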