我想创建一个策略模板并将其应用于存储桶列表,但是在将当前存储桶的名称添加到策略中时遇到问题。 Terraform返回错误
"Error: Error putting S3 policy: MalformedPolicy: Policy has invalid resource"
该错误出现了两次。terraform plan 运行正常，策略的输出看起来也没有问题。
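# Names of the S3 buckets that are created below and locked down with the
# TLS-only bucket policy. The opening brace must be on the same line as the
# block header: HCL rejects a brace placed on the following line with
# "Invalid block definition".
variable "s3_bucket_list" {
  type        = list(string)
  description = "List of buckets to secure"
  default     = ["bucket1", "bucket2"]
}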
# One bucket per entry of var.s3_bucket_list; instance N holds the bucket
# named by the N-th list element, so the policy resources can pair up with
# it by index.
resource "aws_s3_bucket" "qpp-secure-bucket" {
  count  = length(var.s3_bucket_list)
  bucket = element(var.s3_bucket_list, count.index)
}
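# One bucket policy per bucket, indexed in step with aws_s3_bucket.qpp-secure-bucket.
# Both "bucket" and the "Resource" ARNs are taken from that resource instance rather
# than from the raw variable or from an unrelated "aws_s3_bucket.bucket" reference:
# this gives Terraform an implicit dependency (the policy is applied only after the
# bucket exists) and guarantees the ARN in the policy is the ARN of the bucket the
# policy is attached to. An ARN that names a different bucket is the mismatch behind
# "MalformedPolicy: Policy has invalid resource".
#
# The statement denies every S3 action, for any principal, when the request is not
# made over TLS (aws:SecureTransport == "false"). Both the bucket ARN and its
# objects (".../*") are listed so bucket-level and object-level calls are covered.
resource "aws_s3_bucket_policy" "minimum_s3_bucket_policy" {
  count  = length(var.s3_bucket_list)
  bucket = aws_s3_bucket.qpp-secure-bucket[count.index].id

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnencryptedCommunication",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "${aws_s3_bucket.qpp-secure-bucket[count.index].arn}",
        "${aws_s3_bucket.qpp-secure-bucket[count.index].arn}/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      },
      "Principal": "*"
    }
  ]
}
POLICY
}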
答案 0 :(得分:0)
正确的策略如下：
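# Per-bucket policy denying all S3 access that is not made over TLS
# (aws:SecureTransport == "false"), for any principal. Both the bucket ARN and
# its objects (".../*") are listed so bucket-level and object-level calls are
# covered, and the ARN is built from the same list element as "bucket", so it
# always names the bucket the policy is attached to.
#
# Heredoc layout matters: the JSON must start on the line after "<<POLICY" and
# the closing "POLICY" marker must stand alone on its own line, otherwise HCL
# cannot parse the block.
#
# NOTE: if the buckets are created in this same configuration, prefer
# bucket = aws_s3_bucket.<name>[count.index].id so the policy gets an implicit
# dependency on the bucket instead of racing its creation.
resource "aws_s3_bucket_policy" "secure-bucket" {
  count  = length(var.s3_bucket_list)
  bucket = var.s3_bucket_list[count.index]

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnencryptedCommunication",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::${var.s3_bucket_list[count.index]}",
        "arn:aws:s3:::${var.s3_bucket_list[count.index]}/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      },
      "Principal": "*"
    }
  ]
}
POLICY
}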