Attaches a policy to an S3 bucket resource.
resource "aws_s3_bucket" "example" {
bucket = "my-tf-test-bucket"
}
resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
bucket = aws_s3_bucket.example.id
policy = data.aws_iam_policy_document.allow_access_from_another_account.json
}
data "aws_iam_policy_document" "allow_access_from_another_account" {
statement {
principals {
type = "AWS"
identifiers = ["123456789012"]
}
actions = [
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.example.arn,
"${aws_s3_bucket.example.arn}/*",
]
}
}
This resource supports the following arguments:
bucket
- (Required) Name of the bucket to which to apply the policy.policy
- (Required) Text of the policy. Although this is a bucket policy rather than an IAM policy, the aws_iam_policy_document
data source may be used, so long as it specifies a principal. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide. Note: Bucket policies are limited to 20 KB in size.This resource exports no additional attributes.
In Terraform v1.5.0 and later, use an import
block to import S3 bucket policies using the bucket name. For example:
import {
to = aws_s3_bucket_policy.allow_access_from_another_account
id = "my-tf-test-bucket"
}
Using terraform import
, import S3 bucket policies using the bucket name. For example:
% terraform import aws_s3_bucket_policy.allow_access_from_another_account my-tf-test-bucket