我正在尝试使用 terraform 设置 cloudfront dist 和 s3 存储桶。当我运行 terraform apply 时,它返回以下错误:
我的 S3.tf 文件:
data "aws_iam_policy_document" "s3_policy" {
policy_id = "PolicyForCloudFrontPrivateContent"
statement {
sid = "1"
actions = ["s3:GetObject"]
resources = ["arn:aws:s3:::${local.name_env}/*"]
principals {
type = "AWS"
identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
}
}
}
resource "aws_s3_bucket" "app" {
bucket = "${local.name_env}"
policy = "${data.aws_iam_policy_document.s3_policy.json}"
logging {
target_bucket = "${local.logs_bucket}"
target_prefix = "app-${var.environment}"
}
versioning {
enabled = true
}
tags = "${local.tags}"
}
最佳答案
您需要将 acl 属性添加到您的 aws_s3_bucket,其值为“log-delivery-write”。
resource "aws_s3_bucket" "app" {
bucket = "${local.name_env}"
acl = "log-delivery-write"
...
}
关于amazon-s3 - 如何给目标bucket日志传送组WRITE和READ_ACP权限?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/55585003/