Resource: aws_s3_bucket_policy

Attaches a policy to an S3 bucket resource.

Example Usage

Basic Usage

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-test-bucket"
}

resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
  bucket = aws_s3_bucket.example.id
  policy = data.aws_iam_policy_document.allow_access_from_another_account.json
}

data "aws_iam_policy_document" "allow_access_from_another_account" {
  statement {
    principals {
      type        = "AWS"
      identifiers = ["123456789012"]
    }

    actions = [
      "s3:GetObject",
      "s3:ListBucket",
    ]

    resources = [
      aws_s3_bucket.example.arn,
      "${aws_s3_bucket.example.arn}/*",
    ]
  }
}
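
A tighter variant of the Basic Usage policy, added here as an example and not part of the provider documentation: it grants read access to one named role rather than the whole account, and denies any request that does not arrive over TLS. The `hardened` resource names, the bucket name and the role ARN are constructed placeholders.

```hcl
# Added example: names, bucket and role ARN below are constructed placeholders.
resource "aws_s3_bucket" "hardened" {
  bucket = "my-tf-test-bucket-hardened"
}

data "aws_iam_policy_document" "hardened" {
  # Allow read access to a single role in the other account, not the account root.
  statement {
    sid    = "AllowReadFromNamedRole"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::123456789012:role/example-reader"]
    }
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      aws_s3_bucket.hardened.arn,
      "${aws_s3_bucket.hardened.arn}/*",
    ]
  }

  # Explicit deny for plaintext HTTP; a Deny overrides any Allow above.
  statement {
    sid    = "DenyInsecureTransport"
    effect = "Deny"
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.hardened.arn,
      "${aws_s3_bucket.hardened.arn}/*",
    ]
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "hardened" {
  bucket = aws_s3_bucket.hardened.id
  policy = data.aws_iam_policy_document.hardened.json
}
```

S3 rejects a bucket policy whose principal ARN does not resolve to an existing identity, so replace the placeholder role with a real one before applying. For cross-account access the role also needs a matching identity-based policy in its own account.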

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports no additional attributes.

Import

In Terraform v1.5.0 and later, use an import block to import S3 bucket policies using the bucket name. For example:

import {
  to = aws_s3_bucket_policy.allow_access_from_another_account
  id = "my-tf-test-bucket"
}

Using terraform import, import S3 bucket policies using the bucket name. For example:

% terraform import aws_s3_bucket_policy.allow_access_from_another_account my-tf-test-bucket