我正在嘗試使用 terraform 在 S3 存盤桶的 IAM 策略上設定多個委托人(IAM 角色)。該計劃如下所示:
Terraform will perform the following actions:
# module.log_bucket.aws_s3_bucket_policy.policy will be updated in-place
~ resource "aws_s3_bucket_policy" "policy" {
id = "log_bucket"
~ policy = jsonencode(
~ {
~ Statement = [
{
Action = [
"s3:PutObject",
"s3:PutObjectAcl",
]
Effect = "Allow"
Principal = {
AWS = [
"arn:aws:iam::<account1-id>:role/my_log_role",
"arn:aws:iam::<account2-id>:role/my_log_role",
"arn:aws:iam::<account3-id>:role/my_log_role",
"arn:aws:iam::<account4-id>:role/my_log_role",
]
}
Resource = [
"arn:aws:s3:::log_bucket/*",
"arn:aws:s3:::log_bucket",
]
Sid = "DelegateS3Access"
},
]
# (1 unchanged element hidden)
}
)
# (1 unchanged attribute hidden)
}
但是當我申請時,我收到以下錯誤:
│ Error: Error putting S3 policy: MalformedPolicy: Invalid principal in policy
│ status code: 400
│ with module.log_bucket.aws_s3_bucket_policy.policy,
│ on .terraform/mypath/main.tf line 63, in resource "aws_s3_bucket_policy" "policy":
│ 63: resource "aws_s3_bucket_policy" "policy" {
│
對我來說似乎是正確的,為什么它會拋出錯誤?
uj5u.com熱心網友回復:
根據評論,這是因為您指定的角色在創建策略時必須存在。
相關檔案
轉載請註明出處,本文鏈接:https://www.uj5u.com/qukuanlian/367895.html
標籤:亚马逊网络服务 亚马逊-s3 地形 亚马逊 terraform-provider-aws
下一篇:如何獲得特價magento2