Provides a resource to manage an S3 Multi-Region Access Point access control policy.
data "aws_caller_identity" "current" {}
data "aws_partition" "current" {}

resource "aws_s3_bucket" "foo_bucket" {
  bucket = "example-bucket-foo"
}

resource "aws_s3control_multi_region_access_point" "example" {
  details {
    name = "example"

    region {
      bucket = aws_s3_bucket.foo_bucket.id
    }
  }
}

resource "aws_s3control_multi_region_access_point_policy" "example" {
  details {
    name = element(split(":", aws_s3control_multi_region_access_point.example.id), 1)
    policy = jsonencode({
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Sid" : "Example",
          "Effect" : "Allow",
          "Principal" : {
            "AWS" : data.aws_caller_identity.current.account_id
          },
          "Action" : ["s3:GetObject", "s3:PutObject"],
          "Resource" : "arn:${data.aws_partition.current.partition}:s3::${data.aws_caller_identity.current.account_id}:accesspoint/${aws_s3control_multi_region_access_point.example.alias}/object/*"
        }
      ]
    })
  }
}
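A narrower variant of the policy in the example above, added here as an illustration and not taken from the provider documentation: it grants read-only access to a single role and denies requests made without TLS. The role name `example-mrap-reader` is a hypothetical, pre-existing role, and the block reuses the two data sources and the `aws_s3control_multi_region_access_point.example` resource from that example in place of its policy resource.

```hcl
# Added example, not from the provider documentation. Reuses the data sources
# and aws_s3control_multi_region_access_point.example from the example above.
locals {
  account_id = data.aws_caller_identity.current.account_id
  partition  = data.aws_partition.current.partition
  mrap_arn   = "arn:${local.partition}:s3::${local.account_id}:accesspoint/${aws_s3control_multi_region_access_point.example.alias}"
  # Assumption: "example-mrap-reader" is a hypothetical IAM role that already exists.
  reader_arn = "arn:${local.partition}:iam::${local.account_id}:role/example-mrap-reader"
}

data "aws_iam_policy_document" "mrap" {
  # Grant read access to one role instead of delegating to the whole account.
  statement {
    sid       = "ReadOnlyForOneRole"
    actions   = ["s3:GetObject"]
    resources = ["${local.mrap_arn}/object/*"]
    principals {
      type        = "AWS"
      identifiers = [local.reader_arn]
    }
  }

  # Refuse any request that does not arrive over TLS.
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [local.mrap_arn, "${local.mrap_arn}/object/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3control_multi_region_access_point_policy" "example" {
  details {
    name   = element(split(":", aws_s3control_multi_region_access_point.example.id), 1)
    policy = data.aws_iam_policy_document.mrap.json
  }
}
```

Because an applied policy can be edited but not deleted, review the rendered JSON in the `terraform plan` output before the first apply.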
This resource supports the following arguments:

account_id - (Optional) The AWS account ID for the owner of the Multi-Region Access Point. Defaults to the automatically determined account ID of the Terraform AWS provider.
details - (Required) A configuration block containing details about the policy for the Multi-Region Access Point. See Details Configuration Block below for more details.

The details block supports the following:

name - (Required) The name of the Multi-Region Access Point.
policy - (Required) A valid JSON document that specifies the policy that you want to associate with this Multi-Region Access Point. Once applied, the policy can be edited, but not deleted. For more information, see the documentation on Multi-Region Access Point Permissions.

This resource exports the following attributes in addition to the arguments above:

established - The last established policy for the Multi-Region Access Point.
id - The AWS account ID and access point name separated by a colon (:).
proposed - The proposed policy for the Multi-Region Access Point.

Timeouts:

create - (Default 15m)
update - (Default 15m)

In Terraform v1.5.0 and later, use an import block to import Multi-Region Access Point Policies using the account_id and name of the Multi-Region Access Point separated by a colon (:). For example:
import {
  to = aws_s3control_multi_region_access_point_policy.example
  id = "123456789012:example"
}
Using terraform import, import Multi-Region Access Point Policies using the account_id and name of the Multi-Region Access Point separated by a colon (:). For example:
% terraform import aws_s3control_multi_region_access_point_policy.example 123456789012:example