Terraform - enabling load balancer access logs fails with InvalidConfigurationRequest: Access Denied for bucket

Time: 2020-09-22 00:03:40

Tags: amazon-web-services amazon-s3 terraform amazon-elb terraform-provider-aws

I am using terraform to configure an ELB and want to enable access logs for the ELB into an S3 bucket. When I try to apply the resources I get the following error - InvalidConfiguration: Access Denied for bucket:

Below are my TF resources, along with the S3 bucket policy created from an IAM policy document.

resource "aws_lb" "this" {
  name               = var.name
  load_balancer_type = "application"

  access_logs {
    bucket  = aws_s3_bucket.this.bucket
    prefix  = var.name
    enabled = true
  }
}

resource "aws_s3_bucket" "this" {
  bucket        = "${var.bucket_name}"
  acl           = "log-delivery-write"
  force_destroy = true

}

resource "aws_s3_bucket_policy" "this" {
  bucket = "aws_s3_bucket.this.id"
  policy = "${data.aws_iam_policy_document.s3_bucket_lb_write.json}"
}


data "aws_iam_policy_document" "s3_bucket_lb_write" {
  policy_id = "s3_bucket_lb_logs"

  statement {
    actions = [
      "s3:PutObject",
    ]
    effect = "Allow"
    resources = [
      "${aws_s3_bucket.this.arn}/*",
    ]

    principals {
      identifiers = ["${data.aws_elb_service_account.main.arn}"]
      type        = "AWS"
    }
  }

  statement {
    actions = [
      "s3:PutObject"
    ]
    effect = "Allow"
    resources = ["${aws_s3_bucket.this.arn}/*"]
    principals {
      identifiers = ["delivery.logs.amazonaws.com"]
      type        = "Service"
    }
  }


  statement {
    actions = [
      "s3:GetBucketAcl"
    ]
    effect = "Allow"
    resources = ["${aws_s3_bucket.this.arn}"]
    principals {
      identifiers = ["delivery.logs.amazonaws.com"]
      type        = "Service"
    }
  }
}

output "bucket_name" {
  value = "${aws_s3_bucket.this.bucket}"
}

I get the following errors

Error: Error putting S3 policy: NoSuchBucket: The specified bucket does not exist
        status code: 404, request id: 5932CFE816059A8D, host id: j5ZBQ2ptHXivx+fu7ai5jbM8PSQR2tCFo4IAvcLkuocxk8rn/r0TG/6YbfRloBFR2WSy8UE7K8Q=

Error: Failure configuring LB attributes: InvalidConfigurationRequest: Access Denied for bucket: test-logs-bucket-xyz. Please check S3bucket permission
        status code: 400, request id: ee101cc2-5518-42c8-9542-90dd7bb05e3c

Terraform version: Terraform v0.12.23

  • provider.aws v3.6.0

1 answer:

Answer 0 (score: 1)

There is an error:

resource "aws_s3_bucket_policy" "this" {
  bucket = "aws_s3_bucket.this.id"
  policy = "${data.aws_iam_policy_document.s3_bucket_lb_write.json}"
}

It should be:

resource "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.s3_bucket_lb_write.json
}

The original version (bucket = "aws_s3_bucket.this.id") will only try to look up a bucket literally called "aws_s3_bucket.this.id".
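The quoted reference explains both errors in the question: the policy is attached to a bucket that does not exist (NoSuchBucket), so the real bucket never receives the PutObject grant, and the ELB API then rejects the access_logs attribute (Access Denied for bucket). The following is an added example, not code from the question or the answer, showing the corrected configuration as a whole. Beyond the one-line fix it narrows the PutObject grant to the path the load balancer actually writes under, and adds a depends_on so the load balancer is not configured before the bucket policy exists (otherwise the same Access Denied can appear as a plain ordering race). The data source aws_elb_service_account is referenced in the question but not shown; it and the aws_caller_identity lookup are assumed here. var.name and var.bucket_name are the question's own variables; var.subnet_ids is assumed, because the ALB API requires subnets that the question's snippet omits. Written for Terraform 0.12 and provider 3.x as used in the question.

```hcl
# Added example: corrected version of the question's configuration
# (Terraform 0.12, aws provider 3.x). Not the original poster's code.

data "aws_caller_identity" "current" {}

# Region-specific AWS account that delivers ELB access logs. Assumed to be the
# data source the question's policy refers to but does not show.
data "aws_elb_service_account" "main" {}

resource "aws_s3_bucket" "this" {
  bucket        = var.bucket_name
  acl           = "log-delivery-write"
  force_destroy = true
}

resource "aws_s3_bucket_policy" "this" {
  # Unquoted reference. The quoted form "aws_s3_bucket.this.id" is a string
  # literal and produces NoSuchBucket at apply time.
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.s3_bucket_lb_write.json
}

data "aws_iam_policy_document" "s3_bucket_lb_write" {
  policy_id = "s3_bucket_lb_logs"

  # The ELB log-delivery account writes objects under
  # <prefix>/AWSLogs/<account-id>/, so the grant is limited to that path
  # rather than the whole bucket.
  statement {
    sid     = "ELBAccessLogWrite"
    effect  = "Allow"
    actions = ["s3:PutObject"]
    resources = [
      "${aws_s3_bucket.this.arn}/${var.name}/AWSLogs/${data.aws_caller_identity.current.account_id}/*",
    ]
    principals {
      type        = "AWS"
      identifiers = [data.aws_elb_service_account.main.arn]
    }
  }
}

resource "aws_lb" "this" {
  name               = var.name
  load_balancer_type = "application"
  subnets            = var.subnet_ids # assumed variable; required by the ALB API

  access_logs {
    bucket  = aws_s3_bucket.this.bucket
    prefix  = var.name
    enabled = true
  }

  # The ModifyLoadBalancerAttributes call checks bucket permissions at apply
  # time, so the bucket policy must be attached before the LB is configured.
  depends_on = [aws_s3_bucket_policy.this]
}
```

Two notes on the choices made here. The two delivery.logs.amazonaws.com statements from the question are left out: for an application load balancer the bucket policy needs only the region's ELB account as principal, and the s3:GetBucketAcl grant to that service principal is not part of what ALB access logging checks. Regions opened after August 2022 use the service principal logdelivery.elasticloadbalancing.amazonaws.com instead of an account ARN, so the principals block would change there. To confirm the policy actually landed on the right bucket before re-applying the load balancer, run aws s3api get-bucket-policy --bucket <bucket-name> and check that the ELB account ARN appears in the output.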
