I am creating a bucket to store LB logs. I don't want to hardcode the name, because S3's unique-name requirement would break my code. I am using the bucket_prefix provided by Terraform.
In the bucket policy I need the name of the S3 bucket. The code looks like this:
    resource "aws_s3_bucket" "aws-s3-lb-logs" {
      acl           = "private"
      force_destroy = true
      bucket_prefix = "some-prefix"
      policy        = <<POLICY
    {
      "Id": "Policy",
      "Statement": [
        {
          "Action": [
            "s3:PutObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::${aws_s3_bucket.aws-s3-lb-logs.bucket}/AWSLogs/*",
          "Principal": {
            "AWS": [
              "${data.aws_elb_service_account.main.arn}"
            ]
          }
        }
      ]
    }
    POLICY
    }

When I try to reference ${aws_s3_bucket.aws-s3-lb-logs.bucket} inside the policy, it gives this error:
    Error: Self-referential block
      on main.tf line 350, in resource "aws_s3_bucket" "aws-s3-lb-logs":
     350:           "Resource": "arn:aws:s3:::${aws_s3_bucket.aws-s3-lb-logs.bucket}/AWSLogs/*",
    Configuration for aws_s3_bucket.aws-s3-lb-logs may not refer to itself.

I know I can't reference the same resource block, but in this case how do I get the name of the S3 bucket to put into the policy block?
Posted on 2020-12-26 22:11:47
The solution is to set the bucket policy with a separate resource (a bucket policy resource).
    resource "aws_s3_bucket" "aws-s3-lb-logs" {
      acl           = "private"
      force_destroy = true
      bucket_prefix = "some-prefix"
    }

    resource "aws_s3_bucket_policy" "aws-s3-lb-logs" {
      bucket = aws_s3_bucket.aws-s3-lb-logs.id
      policy = <<POLICY
    {
      "Id": "Policy",
      "Statement": [
        {
          "Action": [
            "s3:PutObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::${aws_s3_bucket.aws-s3-lb-logs.bucket}/AWSLogs/*",
          "Principal": {
            "AWS": [
              "${data.aws_elb_service_account.main.arn}"
            ]
          }
        }
      ]
    }
    POLICY
    }

Source: https://stackoverflow.com/questions/65461082