
Terraform plan shows changes for CanonicalUser that are already applied

I have an IAM policy to allow my CloudFront to read and list objects in my S3 bucket specified as follows:

[...]

    Effect = "Allow"
    Principal = {
      "CanonicalUser" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    }
    Action : [
      "s3:GetObject",
      "s3:ListBucket"
    ],

[...]

With this already applied, any time I run terraform plan again, changes appear with regard to that Principal / CanonicalUser, which is pretty inconvenient as it blurs the rest of the output.

Any solution to that?

I managed to solve it by replacing the CanonicalUser in the Terraform configuration with an AWS type identifier.

So my policy above will instead be:

    Principal = {
      "AWS" : "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX"
    }

With this, the plan shows no changes when nothing has changed.
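The same fix without a hard-coded ARN, as an added example that is not part of the original post: the AWS provider's `aws_cloudfront_origin_access_identity` resource exports `iam_arn` alongside `s3_canonical_user_id`, and a policy built from `iam_arn` matches the ARN form S3 may hand back for a CanonicalUser principal, so the plan stays empty. It assumes the statement lives in an S3 bucket policy; the resource names and the bucket name are hypothetical, and the two actions are split so that `s3:ListBucket` targets the bucket and `s3:GetObject` targets its objects.

```hcl
# Added example. Resource names ("site") and the bucket name are hypothetical.
resource "aws_s3_bucket" "site" {
  bucket = "example-site-bucket" # placeholder
}

resource "aws_cloudfront_origin_access_identity" "site" {
  comment = "OAI for example-site-bucket"
}

data "aws_iam_policy_document" "site" {
  # Object reads apply to object ARNs (bucket ARN plus "/*").
  statement {
    sid       = "CloudFrontGetObject"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]

    principals {
      # Use iam_arn, not s3_canonical_user_id: a CanonicalUser principal
      # can come back from the API as this ARN, which Terraform then
      # reports as a change on every plan.
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.site.iam_arn]
    }
  }

  # Listing applies to the bucket ARN itself, not to object ARNs.
  statement {
    sid       = "CloudFrontListBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.site.arn]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.site.iam_arn]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.site.json
}
```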
