【发布时间】:2020-08-25 21:15:30
【问题描述】:
我特别在寻找以下设置的方法,如下图所示。我想限制 S3 存储桶并选择创建新的源访问身份,如下所示。
它还应该在 S3 存储桶策略中进行更新,但图像中的设置可能看起来不同。
【问题讨论】:
标签: terraform devops terraform-provider-aws terraform0.12+
【发布时间】:2020-08-25 21:15:30
【问题描述】:
您可以参考下面的,
resource "aws_cloudfront_distribution" "www" {
origin {
domain_name = "${var.bucket_name}.s3.amazonaws.com"
origin_id = "wwwS3Origin"
s3_origin_config {
origin_access_identity = "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
}
}
enabled = true
is_ipv6_enabled = true
comment = "Some comment"
default_root_object = "index.html"
......
resource "aws_cloudfront_origin_access_identity" "origin_access_identity" {
comment = "S3 bucket OAI"
}
更新存储桶策略
data "aws_iam_policy_document" "s3_policy" {
statement {
actions = ["s3:GetObject"]
resources = ["${aws_s3_bucket.example.arn}/*"]
principals {
type = "AWS"
identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
}
}
statement {
actions = ["s3:ListBucket"]
resources = ["${aws_s3_bucket.example.arn}"]
principals {
type = "AWS"
identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
}
}
}
resource "aws_s3_bucket_policy" "example" {
bucket = "${aws_s3_bucket.example.id}"
policy = "${data.aws_iam_policy_document.s3_policy.json}"
}
更多详情请参考以下链接
【讨论】:
-
我已经尝试过了,它只是添加了存储桶策略,我没有得到图像中显示的设置让我遇到同样的问题。
-
可以发一下控制台截图吗?
-
感谢 Abhinaya,现在我宁愿选择使用其他模块并添加我的要求。 Cloudposse 拥有大量的模块