Resource: aws_s3control_access_point_policy

Provides a resource to manage an S3 Access Point resource policy.

Example Usage

resource "aws_s3_bucket" "example" {
  bucket = "example"
}

resource "aws_s3_access_point" "example" {
  bucket = aws_s3_bucket.example.id
  name   = "example"

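  # block_public_policy and restrict_public_buckets are disabled here, so S3
  # accepts the public ("*" principal) policy attached below.
  public_access_block_configuration {
    block_public_acls       = true
    block_public_policy     = false
    ignore_public_acls      = true
    restrict_public_buckets = false
  }

  # The policy is managed by aws_s3control_access_point_policy below; ignore
  # the in-line policy attribute so the two resources do not conflict.
  lifecycle {
    ignore_changes = [policy]
  }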
}

resource "aws_s3control_access_point_policy" "example" {
  access_point_arn = aws_s3_access_point.example.arn

  policy = jsonencode({
    Version = "2008-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "s3:GetObjectTagging"
      # "*" grants the action to any principal, which makes this a public policy.
      Principal = {
        AWS = "*"
      }
      Resource = "${aws_s3_access_point.example.arn}/object/*"
    }]
  })
}
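
The following is an added example, not part of the provider documentation: the same layout with all public access block settings enabled and the policy scoped to a single IAM role. The resource label `restricted`, the bucket and access point names, and the role name `example-reader` are hypothetical, and the role is assumed to already exist in the current account.

```hcl
# Added example; names and the "example-reader" role are hypothetical.
data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "restricted" {
  bucket = "example-restricted"
}

resource "aws_s3_access_point" "restricted" {
  bucket = aws_s3_bucket.restricted.id
  name   = "example-restricted"

  # All four settings on: S3 rejects an access point policy that grants
  # public access instead of attaching it.
  public_access_block_configuration {
    block_public_acls       = true
    block_public_policy     = true
    ignore_public_acls      = true
    restrict_public_buckets = true
  }

  lifecycle {
    ignore_changes = [policy]
  }
}

resource "aws_s3control_access_point_policy" "restricted" {
  access_point_arn = aws_s3_access_point.restricted.arn

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "s3:GetObjectTagging"
      Principal = {
        # Assumed role name; replace with the principal that needs access.
        AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/example-reader"
      }
      Resource = "${aws_s3_access_point.restricted.arn}/object/*"
    }]
  })
}

# Terraform v1.5.0+ check block: warns if the provider reports a public policy.
check "access_point_policy_not_public" {
  assert {
    condition     = !aws_s3control_access_point_policy.restricted.has_public_access_policy
    error_message = "Access point policy allows public access."
  }
}
```

A failed `check` assertion is reported as a warning during plan and apply; it does not block the run.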

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import Access Point policies using the access_point_arn. For example:

import {
  to = aws_s3control_access_point_policy.example
  id = "arn:aws:s3:us-west-2:123456789012:accesspoint/example"
}

Using terraform import, import Access Point policies using the access_point_arn. For example:

% terraform import aws_s3control_access_point_policy.example arn:aws:s3:us-west-2:123456789012:accesspoint/example