我设法使我的Terraform遍历了所有创建IAM用户和存储区的存储区
resource "aws_s3_bucket" "aws_s3_buckets" {
count = "${length(var.s3_bucket_name)}"
bucket = "${var.s3_bucket_name[count.index]}"
acl = "private"
tags = {
Name = "${var.s3_bucket_name[count.index]}"
Environment = "live"
policy = <<POLICY
{
"Id": "Policy1574607242703",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1574607238413",
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": {
"arn:aws:s3:::"."${var.s3_bucket_name[count.index]}"."/*"}
},
"Principal": {
"AWS": [
"${var.s3_bucket_name[count.index]}"}
]}
}
]
}
POLICY
}
}
我遇到错误设置S3存储桶标签:InvalidTag:您提供的TagValue是无效的状态码:400有没有办法创建这样的策略?还是我的代码做错了什么?
policy
部分不是tag
参数的一部分。它是aws_s3_bucket资源中的单独部分。您也可以使用aws_s3_bucket_policy资源创建存储桶策略。注意:该政策存在很多问题。您必须修复它们,才能使策略正常运行。一些问题是: