如何使用 Terraform 脚本禁用 s3 存储桶 ACL?
[英]How to disable s3 bucket ACL using Terraform scripts?
问题描述
The new recommendation from AWS is to disable ACL by default such that Object ownership defaults to Bucket owner. 
AWS 的新建议是默认禁用 ACL,这样 Object 所有权默认为 Bucket 所有者。 How can I achieve this with aws_s3_bucket resource using Terraform?如何使用 Terraform 使用 aws_s3_bucket 资源实现此目的?
I tried doing the following without success我尝试执行以下操作但没有成功
resource "aws_s3_bucket_acl" "example_bucket_acl" {
bucket = aws_s3_bucket.s3-bucket.id
acl = "private"
expected_bucket_owner = data.aws_caller_identity.current.account_id
}
data "aws_caller_identity" "current" {}
This code sets the ACL such that only bucket owner can read and write the bucket and the objects within the bucket, but the object ownership configuration is still set to "object writer".此代码设置 ACL,以便只有存储桶所有者可以读取和写入存储桶和存储桶中的对象,但 object 所有权配置仍设置为“对象写入者”。 Furthermore, ACL is not disabled as a result of setting this.此外,ACL 不会因为设置它而被禁用。
From the Terraform's documentation on S3 ACL , it does not state any examples nor provide any arguments that support disabling ACL.从Terraform 关于 S3 ACL 的文档中,它没有 state 任何示例,也没有提供任何支持禁用 ACL 的 arguments 。
I tried to brute force the solution by running terraform plan after manually changing the settings in AWS to see what differences I would get from the plan, but it says my infrastructure matches the configuration.在手动更改 AWS 中的设置后,我试图通过运行 terraform 计划来强行解决该解决方案,以查看我将从该计划中获得哪些差异,但它说我的基础设施与配置相匹配。
Does anyone have any ideas how this can be done?有谁知道如何做到这一点? I'm currently using Terraform CLI v1.3.5 and AWS provider v4.40.0.我目前正在使用 Terraform CLI v1.3.5 和 AWS 提供商 v4.40.0。
1 个解决方案
解决方案1
1 已采纳 2022-11-21 05:14:19
This is set using aws_s3_bucket_ownership_controls , not with aws_s3_bucket_acl .这是使用aws_s3_bucket_ownership_controls设置的,而不是aws_s3_bucket_acl 。 You can set the control to BucketOwnerEnforced .您可以将控件设置为BucketOwnerEnforced 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.