Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/amazon-s3/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon s3 如何从Terraform 0.12中的模板创建S3 bucket策略?_Amazon S3_Terraform_Terraform Provider Aws - Fatal编程技术网
Fatal编程技术网
  • amazon-s3/
  • Amazon s3 如何从Terraform 0.12中的模板创建S3 bucket策略?

Amazon s3 如何从Terraform 0.12中的模板创建S3 bucket策略?

amazon-s3 terraform

Amazon s3 如何从Terraform 0.12中的模板创建S3 bucket策略?,amazon-s3,terraform,terraform-provider-aws,Amazon S3,Terraform,Terraform Provider Aws,我正试图通过Terraform 0.12创建一个S3存储桶策略,该策略将根据环境(dev/prod)而改变。以下是该政策的一部分: { "Sid": "AllowAdminAccessToBuckets", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetBucket*" ],

我正试图通过Terraform 0.12创建一个S3存储桶策略,该策略将根据环境(dev/prod)而改变。以下是该政策的一部分:

{
            "Sid": "AllowAdminAccessToBuckets",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetBucket*"
            ],
            "Resource": [
                "arn:aws:s3:::${var.env-bucket}",
                "arn:aws:s3:::${var.env-bucket}/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpce": "${var.env-vpce}"
                }
            }
        }
如果我使用JSON格式的文档(而不是模板)执行此操作,则以下操作有效:

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  policy = "${file("templates/policy.json")}"
}
如何在策略中指定变量?

您可以使用数据资源为策略创建JSON模板,方法是根据您的环境传递变量,并将该模板文件用作
aws\u s3\u bucket
资源中的策略

variable "env-bucket" {
  default = "sample"
}
variable "env-vpce" {
  default = "sample-vpc"
}

data "template_file" "policy" {
  template = "${file("policy.json")}"

  vars = {
    env-bucket = "${var.env-bucket}"
    env-vpce   = "${var.env-vpce}"
   }
}

resource "aws_s3_bucket" "b" {
   bucket = "my-tf-test-bucket"
   policy = "${data.template_file.policy.rendered}"
}
您不需要一个模板文件来传递变量,您可以使用以下命令直接内联传递:

变量“env bucket”{
default=“示例”
}
变量“env vpce”{
default=“vpce-1234567890abcdef”
}
资源“aws_s3_bucket”“b”{
bucket=var.env-bucket
policy=这接近我想要做的,但似乎也不起作用

variable "env-bucket" {
  default = "example"
}

variable "env-vpce" {
  default = "vpce-1234567890abcdef"
}

resource "aws_s3_bucket" "b" {
   bucket = var.env-bucket
   policy = <<POLICY
{
    "Sid": "AllowAdminAccessToBuckets",
    "Effect": "Allow",
    "Principal": "*",
    "Action": [
        "s3:GetBucket*"
    ],
    "Resource": [
        "arn:aws:s3:::${var.env-bucket}",
        "arn:aws:s3:::${var.env-bucket}/*"
    ],
    "Condition": {
        "StringEquals": {
            "aws:sourceVpce": var.env-vpce
        }
    }
}
POLICY

}