Amazon s3 如何从Terraform 0.12中的模板创建S3 bucket策略?
我正试图通过Terraform 0.12创建一个S3存储桶策略,该策略将根据环境(dev/prod)而改变。以下是该政策的一部分:Amazon s3 如何从Terraform 0.12中的模板创建S3 bucket策略?,amazon-s3,terraform,terraform-provider-aws,Amazon S3,Terraform,Terraform Provider Aws,我正试图通过Terraform 0.12创建一个S3存储桶策略,该策略将根据环境(dev/prod)而改变。以下是该政策的一部分: { "Sid": "AllowAdminAccessToBuckets", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetBucket*" ],
{
"Sid": "AllowAdminAccessToBuckets",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetBucket*"
],
"Resource": [
"arn:aws:s3:::${var.env-bucket}",
"arn:aws:s3:::${var.env-bucket}/*"
],
"Condition": {
"StringEquals": {
"aws:sourceVpce": "${var.env-vpce}"
}
}
}
如果我使用JSON格式的文档(而不是模板)执行此操作,则以下操作有效:
resource "aws_s3_bucket" "b" {
bucket = "my-tf-test-bucket"
policy = "${file("templates/policy.json")}"
}
如何在策略中指定变量?您可以使用数据资源为策略创建JSON模板,方法是根据您的环境传递变量,并将该模板文件用作
aws\u s3\u bucket
资源中的策略
variable "env-bucket" {
default = "sample"
}
variable "env-vpce" {
default = "sample-vpc"
}
data "template_file" "policy" {
template = "${file("policy.json")}"
vars = {
env-bucket = "${var.env-bucket}"
env-vpce = "${var.env-vpce}"
}
}
resource "aws_s3_bucket" "b" {
bucket = "my-tf-test-bucket"
policy = "${data.template_file.policy.rendered}"
}
您不需要一个模板文件来传递变量,您可以使用以下命令直接内联传递:
变量“env bucket”{
default=“示例”
}
变量“env vpce”{
default=“vpce-1234567890abcdef”
}
资源“aws_s3_bucket”“b”{
bucket=var.env-bucket
policy=这接近我想要做的,但似乎也不起作用
variable "env-bucket" {
default = "example"
}
variable "env-vpce" {
default = "vpce-1234567890abcdef"
}
resource "aws_s3_bucket" "b" {
bucket = var.env-bucket
policy = <<POLICY
{
"Sid": "AllowAdminAccessToBuckets",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetBucket*"
],
"Resource": [
"arn:aws:s3:::${var.env-bucket}",
"arn:aws:s3:::${var.env-bucket}/*"
],
"Condition": {
"StringEquals": {
"aws:sourceVpce": var.env-vpce
}
}
}
POLICY
}