How do I create an S3 bucket policy from a template in Terraform 0.12?

TheFiddlerWins Published at Dev

31

TheFiddlerWins

I am trying to create an S3 bucket policy via Terraform 0.12 that will change based on environment (dev/prod). Here is a portion of the policy:

{
            "Sid": "AllowAdminAccessToBuckets",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetBucket*"
            ],
            "Resource": [
                "arn:aws:s3:::${var.env-bucket}",
                "arn:aws:s3:::${var.env-bucket}/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpce": "${var.env-vpce}"
                }
            }
        }

If I do it with a JSON formatted document (not a template) the following works:

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  policy = "${file("templates/policy.json")}"
}

How do I specify the variables in the policy?

Mahattam

You can use data resource to create a JSON template for policy by passing the variables based on your environment and use that template_file as policy in aws_s3_bucket resource.

variable "env-bucket" {
  default = "sample"
}
variable "env-vpce" {
  default = "sample-vpc"
}

data "template_file" "policy" {
  template = "${file("policy.json")}"

  vars = {
    env-bucket = "${var.env-bucket}"
    env-vpce   = "${var.env-vpce}"
   }
}

resource "aws_s3_bucket" "b" {
   bucket = "my-tf-test-bucket"
   policy = "${data.template_file.policy.rendered}"
}

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2020-12-11

Comments

0 comments

Login to comment

Related

How do I do an OR condition in an S3 bucket policy?

Terraform: How do I create an S3 bucket with objects in it which contain timestamp of when the code was executed?

How do I grant cross account access to an encrypted bucket with a simple s3 bucket policy?

How do I unlock or delete an AWS S3 bucket that inadvertently locked with a bucket policy?

How do I conditionally create an S3 bucket

Terraform - attach policy to s3 bucket

How do I create a Presigned URL to download a file from an S3 Bucket using Boto3?

How do I apply a lifecycle rule to an EXISTING s3 bucket in Terraform?

How to create a folder in an amazon S3 bucket using terraform

How to avoid cycle error when setting an S3 bucket policy with a template that depends on the bucket name?

AWS IAM Policies: How do I alter the AWSLambdaFullAccess policy to only allow access to one S3 bucket?

Why am I getting a cycle error when setting a S3 bucket policy with a template file?

How can I add IP restrictions to s3 bucket(in the bucket Policy) already having a User restriction

Build a S3 bucket policy with terraform dynamic blocks

Terraform always says changes on templatefile for s3 bucket policy

Malformed S3 policy from Terraform

How do I return the data from S3 bucket in node?

How do I download all files from S3 bucket that was uploaded on a specific date?

How can I create a s3 bucket subdirectory (Serverless)?

How to create a folder on s3 bucket from python script?

How to create correct S3 bucket policy to enable read access to a file only if they know the path

How should I set up my bucket policy so I can deploy to S3?

How do I test if a bucket exists on AWS S3

How do I search in AWS S3 bucket?

How can I copy a file from s3 bucket into an ec2 instance using userdata inside a cloudformation template

Access Denied when creating S3 Bucket ACL & S3 Policy using Terraform

S3 bucket policy, how to ALLOW a IAM group from another account?

How do I create an S3 lifecycle policy that moves everything to intelligent tiering and maintains a single previous version for a window of X days

I have a Query about AWS S3 bucket policy

TOP Ranking

Article

HotTag

Archive