【发布时间】:2020-11-30 16:53:47
【问题描述】:
我在运行 terraform Error: Error creating IAM Role s3_access: MalformedPolicyDocument: Has prohibited field Resource status code: 400, 时遇到此错误,我在 IAM 角色中缺少什么?我正在使用这个角色从 s3 获取某个文件。我想给这个角色有限的权限,比如只获取某些存储桶内容
resource "aws_instance" "web" {
count = var.ec2_count
ami = var.ami_id
instance_type = var.instance_type
subnet_id = var.subnet_id
key_name = var.key_name
source_dest_check = false
associate_public_ip_address = true
#user_data = "${file("userdata.sh")}"1
security_groups = [aws_security_group.ec2_sg.id]
user_data = "${file("${path.module}/template/userdata.sh")}"
tags = {
Name = "Webserver"
}
}
resource "aws_iam_role" "s3_access" {
name = "s3_access"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": [
"s3:ListBucket",
"s3:GetObjectVersion",
"s3:GetObject",
"s3:GetBucketVersioning",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::webserver/*",
"arn:aws:s3:::webserver"
]
}
]
}
EOF
tags = {
tag-key = "tag-value"
}
}
resource "aws_security_group" "ec2_sg" {
name = "ec2-sg"
description = "Allow TLS inbound traffic"
vpc_id = var.vpc_id
ingress {
description = "incoming for ec2-instance"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "ec2-sg"
}
}
我们将不胜感激任何类型的帮助。我自己尝试过,但我被卡住了。
【问题讨论】:
标签: amazon-web-services amazon-s3 terraform amazon-iam