
Terraform plan shows changes for CanonicalUser that are already applied

I have an IAM policy to allow my CloudFront to read and list objects in my S3 bucket specified as follows:

[...]

    Effect = "Allow"
    Principal = {
      "CanonicalUser" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    }
    Action : [
      "s3:GetObject",
      "s3:ListBucket"
    ],

[...]

With this already applied, any time I run terraform plan again, changes appear with regard to that Principal / CanonicalUser, which is pretty inconvenient as it blurs the rest of the output.

Any solution to that?

I managed to solve it by replacing, in the Terraform configuration, the CanonicalUser with an AWS type identifier:

So my policy above will be instead:

Principal = {
    "AWS" : "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX"
}

With this, the plan shows no changes when nothing has changed.
