![](/img/trans.png)
[英]I have created a Cloudtrail using terraform but it says I'm missing S3 bucket policy after deployment
[英]Terraform always says changes on templatefile for s3 bucket policy
我的 s3 存储桶策略有问题,它似乎正确添加了策略,甚至在 AWS 中验证了它,它显示了 policy.tpl 中设置的确切策略,但它一直说有变化
我已经尝试将操作和资源更改为 arrays,我听说这可能会有所帮助.. 尝试从策略中删除“版本”,即 SID,一直说每次我运行它时都会发生变化
政策.tf
resource "aws_s3_bucket_policy" "bucket" {
bucket = aws_s3_bucket.bucket.id
policy = local.policy
}
本地人.tf
locals {
template_dir = "${path.module}/templates"
template_vars = {
encrypt = var.s3_require_encryption_enabled
bucket_arn = aws_s3_bucket.bucket.arn
extra_statements = var.s3_bucket_policy
}
policy = templatefile("${local.template_dir}/policy.tpl", local.template_vars)
}
模板/policy.tpl
{
"Version": "2008-10-17",
"Statement": [
{
"Sid" : "",
"Effect" : "Deny",
"Principal" : "*",
"Action" : "s3:*",
"Resource" : "${bucket_arn}/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
在 AWS
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::test-bucket-us-east-1/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}
]
}
说
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
#aws_s3_bucket_policy.bucket will be updated in-place
~ resource "aws_s3_bucket_policy" "bucket" {
bucket = "test-bucket-us-east-1"
id = "test-bucket-us-east-1"
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "s3:*"
+ Condition = {
+ Bool = {
+ aws:SecureTransport = "false"
}
}
+ Effect = "Deny"
+ Principal = "*"
+ Resource = "arn:aws:s3:::test-bucket-us-east-1/*"
+ Sid = ""
},
]
+ Version = "2008-10-17"
}
)
}
Plan: 0 to add, 1 to change, 0 to destroy.
根据评论,底层存储桶策略存在问题。
Content-MD5 请求正文的MD5 hash。
对于使用 AWS 命令行界面 (CLI) 或 AWS 开发工具包发出的请求,此字段会自动计算。)
因此资源aws_s3_bucket_policy正在尝试更新策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.