I have an IAM policy to allow my CloudFront to read and list objects in my S3 bucket specified as follows:
[...]
Effect = "Allow"
Principal = {
"CanonicalUser" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
Action : [
"s3:GetObject",
"s3:ListBucket"
],
[...]
With this already applied, any time I run terraform plan again, changes appear with regard to that Principal / CanonicalUser, which is pretty inconvenient as it blurs the rest of the output.
Any solution to that?
I managed to solve it by replacing the CanonicalUser in the Terraform configuration with an AWS type identifier.
So my policy above will instead be:
Principal = {
"AWS" : "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX"
}
With this, the plan shows no changes when nothing has changed.