I create an s3 bucket via terraform for the purpose of storing VPC Flow Logs:
resource "aws_s3_bucket" "bucket" {
  bucket        = local.bucket_name
  force_destroy = true
  tags          = var.tags
}
After the bucket and the flow-log service are created, there are a few entries under "/AWSLogs/...". After I remove the flow-log service, I attempt `terraform destroy`, but it fails with the following entry, one for each object:
deleting: S3 object (AWSLogs/.../...98d659c.log.gz) version (null): AccessDenied: Access Denied
There are no policies, because they get deleted first. ACLs: the bucket owner and the S3 log delivery group have full access, the rest are turned off, and the owner is set to data.aws_canonical_user_id.current.id.
ACL permissions are not quite enough. The IAM role you are using requires the s3:DeleteObject* permissions.
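The Terraform-side fix the answer points at, as an added example that is not from the question or the answer: a least-privilege IAM policy document giving the role that runs `terraform destroy` the list and delete rights that `force_destroy = true` needs in order to empty the bucket before removing it. The role `aws_iam_role.terraform` and the `aws_iam_role_policy` attachment are assumptions; `aws_s3_bucket.bucket` is the resource from the question.

```hcl
# Assumed: the IAM role that runs terraform is `aws_iam_role.terraform`.
# With force_destroy = true the provider lists every object version
# (including delete markers) and deletes each one before the bucket itself,
# so the role needs bucket-level list rights and object-level delete rights.
data "aws_iam_policy_document" "bucket_destroy" {
  # Enumerate objects and their versions in the bucket.
  statement {
    sid    = "ListBucketAndVersions"
    effect = "Allow"
    actions = [
      "s3:ListBucket",
      "s3:ListBucketVersions",
    ]
    resources = [aws_s3_bucket.bucket.arn]
  }

  # Delete the flow-log objects (and any versions) under AWSLogs/...
  statement {
    sid    = "DeleteObjectsAndVersions"
    effect = "Allow"
    actions = [
      "s3:DeleteObject",
      "s3:DeleteObjectVersion",
    ]
    resources = ["${aws_s3_bucket.bucket.arn}/*"]
  }

  # Remove the (now empty) bucket.
  statement {
    sid       = "DeleteBucket"
    effect    = "Allow"
    actions   = ["s3:DeleteBucket"]
    resources = [aws_s3_bucket.bucket.arn]
  }
}

resource "aws_iam_role_policy" "bucket_destroy" {
  name   = "allow-destroy-flow-log-bucket"
  role   = aws_iam_role.terraform.id # assumed role name
  policy = data.aws_iam_policy_document.bucket_destroy.json
}
```

An explicit Deny in a bucket policy or an SCP still overrides this Allow, so if AccessDenied persists after attaching it, check those next.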