Resource: aws_s3control_multi_region_access_point_policy

Provides a resource to manage an S3 Multi-Region Access Point access control policy.

Example Usage

Basic Example

data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}

resource "aws_s3_bucket" "foo_bucket" {
  bucket = "example-bucket-foo"
}

resource "aws_s3control_multi_region_access_point" "example" {
  details {
    name = "example"

    region {
      bucket = aws_s3_bucket.foo_bucket.id
    }
  }
}

resource "aws_s3control_multi_region_access_point_policy" "example" {
  details {
    name = element(split(":", aws_s3control_multi_region_access_point.example.id), 1)
    policy = jsonencode({
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Sid" : "Example",
          "Effect" : "Allow",
          "Principal" : {
            "AWS" : data.aws_caller_identity.current.account_id
          },
          "Action" : ["s3:GetObject", "s3:PutObject"],
          "Resource" : "arn:${data.aws_partition.current.partition}:s3::${data.aws_caller_identity.current.account_id}:accesspoint/${aws_s3control_multi_region_access_point.example.alias}/object/*"
        }
      ]
    })
  }
}
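A tighter variant of the policy above, as an added example that is not part of the provider documentation: it grants read access to a single IAM role instead of the whole account and denies any request made without TLS. It replaces the policy resource in the Basic Example and reuses that example's data sources and access point; `var.reader_role_arn` and the names `mrap_objects_arn` and `mrap` are hypothetical.

```hcl
# Added example. Replaces the policy resource in the Basic Example.
# Assumption: var.reader_role_arn (hypothetical) is the one IAM role that needs access.
variable "reader_role_arn" {
  type = string
}

locals {
  mrap_objects_arn = "arn:${data.aws_partition.current.partition}:s3::${data.aws_caller_identity.current.account_id}:accesspoint/${aws_s3control_multi_region_access_point.example.alias}/object/*"
}

data "aws_iam_policy_document" "mrap" {
  statement {
    sid       = "AllowReaderRole"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = [local.mrap_objects_arn]

    principals {
      type        = "AWS"
      identifiers = [var.reader_role_arn]
    }
  }

  # Explicit deny wins over any allow: reject requests not sent over TLS.
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [local.mrap_objects_arn]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3control_multi_region_access_point_policy" "example" {
  details {
    name   = element(split(":", aws_s3control_multi_region_access_point.example.id), 1)
    policy = data.aws_iam_policy_document.mrap.json
  }
}
```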

Argument Reference

This resource supports the following arguments:

Details Configuration

The details block supports the following:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Timeouts

Configuration options:

Import

In Terraform v1.5.0 and later, use an import block to import Multi-Region Access Point Policies using the account_id and name of the Multi-Region Access Point separated by a colon (:). For example:

import {
  to = aws_s3control_multi_region_access_point_policy.example
  id = "123456789012:example"
}

Using terraform import, import Multi-Region Access Point Policies using the account_id and name of the Multi-Region Access Point separated by a colon (:). For example:

% terraform import aws_s3control_multi_region_access_point_policy.example 123456789012:example