尝试将日志记录添加到两个存储桶时,我的Terraform脚本出现错误。这些是我的模块之一,我以前已经成功使用过它们。我回来部署新环境了……现在不起作用了。
我遇到以下错误:
module.dev2_environment.module.portal.aws_s3_bucket.portal_bucket:发生1个错误: * aws_s3_bucket.portal_bucket:放置S3日志时出错:InvalidTargetBucketForLogging:您必须给日志传送组 对目标存储区的WRITE和READ_ACP权限 状态码:400,请求ID:51AB42EFCACC9924,主机ID:nYCUxjHZE + xTisA1xG5syLTKVN / Rtwu8z3xF + O9GAPMdC2yGcafP4uwDURUGKd9Lx1SD8aHTcEI =
我正在通过带有管理员凭据的CLI执行。在工作状态和错误之间未进行任何代码更改。关于可能会发生什么变化的任何想法?句法?在某个地方配置AWS?
Terraform 11.14和AWS Provider 2.16
日志存储区:
resource "aws_s3_bucket" "logs_bucket" {
bucket = "XYZ-${var.env}-cdnlogs"
acl = "log-delivery-write"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
tags {
Finance = "dev_env"
Environment = "${var.env}"
}
}
目标存储桶:
resource "aws_s3_bucket" "portal_bucket" {
bucket = "XYZ-${var.env}-portal"
acl = "private"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
logging {
target_bucket = "${aws_s3_bucket.logs_bucket.id}"
target_prefix = "logs/portal/"
}
website {
index_document = "index.html"
error_document = "index.html"
}
// Needed to allow logos to be uploaded the "Portal"
cors_rule {
allowed_headers = ["*"]
allowed_methods = ["GET", "HEAD", "PUT", "POST"]
allowed_origins = ["*"]
max_age_seconds = 3000
}
tags {
Finance = "dev_env"
Environment = "${var.env}"
}
}
答案 0 :(得分:0)
设置Copy-Item -FromSession $session C:\Programs\temp\test.txt -Destination C:\Programs\temp\test.txt
ACL的值以允许Logging-> Read和Logging Write。以及读取存储桶权限。
答案 1 :(得分:0)
我认为错误在这里
logging {
target_bucket = "${aws_s3_bucket.**logs_bucket**.id}"
target_prefix = "logs/portal/"
}
应该是
logging {
**target_bucket = "${aws_s3_bucket.portal_bucket.id}"**
target_prefix = "logs/portal/"
}