
Terraform always says changes on templatefile for s3 bucket policy

I'm having an issue with my s3 bucket policy. It seems to add the policy correctly, and I even verified it in AWS: it shows the exact policy that is set in policy.tpl, but it keeps saying there are changes.

I have tried changing the action and resource to arrays, as I heard that might help.. I tried removing the "Version" from the policy, and the SID; it keeps saying there are changes every time I run it.

policy.tf

resource "aws_s3_bucket_policy" "bucket" {
  bucket = aws_s3_bucket.bucket.id
  policy = local.policy
}

locals.tf

locals {
  template_dir       = "${path.module}/templates"
  template_vars      = {
    encrypt          = var.s3_require_encryption_enabled
    bucket_arn       = aws_s3_bucket.bucket.arn
    extra_statements = var.s3_bucket_policy
  }
  policy             = templatefile("${local.template_dir}/policy.tpl", local.template_vars)
}

templates/policy.tpl

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid" : "",
            "Effect" : "Deny",
            "Principal" : "*",
            "Action" : "s3:*",
            "Resource" : "${bucket_arn}/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

In AWS

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::test-bucket-us-east-1/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_s3_bucket_policy.bucket will be updated in-place
  ~ resource "aws_s3_bucket_policy" "bucket" {
        bucket = "test-bucket-us-east-1"
        id     = "test-bucket-us-east-1"
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "s3:*"
                      + Condition = {
                          + Bool = {
                              + aws:SecureTransport = "false"
                            }
                        }
                      + Effect    = "Deny"
                      + Principal = "*"
                      + Resource  = "arn:aws:s3:::test-bucket-us-east-1/*"
                      + Sid       = ""
                    },
                ]
              + Version   = "2008-10-17"
            }
        )
    }

Plan: 0 to add, 1 to change, 0 to destroy.
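Whether a plan like the one above is a real policy change or only a formatting difference between the rendered template and what S3 returns can be checked offline by canonicalizing both documents and comparing them. The following Python script is an added example, not code from the question or from the AWS provider: the two policy texts are copied from the question (the template rendered with the bucket ARN substituted, and the console version), and the folding of one-element lists into bare strings is this script's own comparison rule, based on IAM accepting either form for Action and Resource; it does not reproduce what the AWS provider itself does when it diffs the attribute.

```python
import json
from typing import Any

# Constructed from the question: policy.tpl rendered with bucket_arn
# substituted. Note the space before the colons and the indentation,
# which differ from the console output below.
RENDERED_TEMPLATE = """{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid" : "",
            "Effect" : "Deny",
            "Principal" : "*",
            "Action" : "s3:*",
            "Resource" : "arn:aws:s3:::test-bucket-us-east-1/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
"""

# Constructed from the question: the policy as shown in the AWS console.
AWS_POLICY = """{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::test-bucket-us-east-1/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
"""

# Constructed variant of the rendered template with Action and Resource
# written as one-element arrays, as the question says was tried.
ARRAY_VARIANT = (
    RENDERED_TEMPLATE
    .replace('"s3:*"', '["s3:*"]')
    .replace('"arn:aws:s3:::test-bucket-us-east-1/*"',
             '["arn:aws:s3:::test-bucket-us-east-1/*"]')
)

# Keys for which the IAM policy grammar accepts either a string or a
# list of strings; a one-element list under these keys is treated as the
# bare string by this script's equivalence rule (an assumption of the
# script, not provider behaviour).
SCALAR_OR_LIST_KEYS = {"Action", "NotAction", "Resource", "NotResource"}


def fold_single_lists(node: Any) -> Any:
    """Recursively rewrite one-element lists under SCALAR_OR_LIST_KEYS to the bare string."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            value = fold_single_lists(value)
            if key in SCALAR_OR_LIST_KEYS and isinstance(value, list) and len(value) == 1:
                value = value[0]
            out[key] = value
        return out
    if isinstance(node, list):
        return [fold_single_lists(item) for item in node]
    return node


def canonical(policy_text: str, fold: bool = False) -> str:
    """Parse a policy and re-serialise it with sorted keys and no insignificant
    whitespace, so documents that differ only in layout give identical strings."""
    doc = json.loads(policy_text)
    if fold:
        doc = fold_single_lists(doc)
    return json.dumps(doc, sort_keys=True, separators=(",", ":"))


def classify_drift(stored: str, rendered: str) -> str:
    """Classify why two policy texts differ:
    'none'       - byte-identical
    'formatting' - same JSON, different whitespace or key order
    'equivalent' - same meaning once one-element lists are folded
    'semantic'   - the policies really differ"""
    if stored == rendered:
        return "none"
    if canonical(stored) == canonical(rendered):
        return "formatting"
    if canonical(stored, fold=True) == canonical(rendered, fold=True):
        return "equivalent"
    return "semantic"


if __name__ == "__main__":
    print("template vs console:", classify_drift(AWS_POLICY, RENDERED_TEMPLATE))
    print("array variant vs console:", classify_drift(AWS_POLICY, ARRAY_VARIANT))
```

Running it reports "formatting" for the template in the question, i.e. the two documents parse to the same JSON and the perpetual in-place update is not carrying a change of permissions; a "semantic" result would mean the stored policy actually differs from what the template renders and is worth investigating before applying.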

As per the comments, there is an issue with the underlying bucket policy.

PutBucketPolicy

Content-MD5: the MD5 hash of the request body.

For requests made using the AWS Command Line Interface (CLI) or the AWS SDKs, this field is calculated automatically.

So the aws_s3_bucket_policy resource is trying to update the policy.
