这是我的地形代码。我正在配置存储桶 s3 和附加它的策略。
resource "aws_s3_bucket_policy" "bucket_policy" {
bucket = aws_s3_bucket.bucket.id
policy = jsonencode({
Version = "2012-10-17"
Id = "AllowGetObjects"
Statement = [
{
Sid = "AllowPublic"
Effect = "Allow"
Principal = "cloudfront.amazonaws.com"
Actions = ["s3:GetObject", "s3:PutObject"]
Resource = "${aws_s3_bucket.bucket.arn}/**"
}
]
})
}
这是错误堆栈
API 错误 MalformedPolicy:│ 使用 aws_s3_bucket_policy.bucket_policy, │ 在 s3.tf 第 32 行,资源“aws_s3_bucket_policy”“bucket_policy”中: │ 32:资源“aws_s3_bucket_policy”“bucket_policy”{
我相信您的错误来自您的
principal
字段,该字段应该是一个指定您的值是 AWS Service
: 的块
resource "aws_s3_bucket_policy" "bucket_policy" {
bucket = aws_s3_bucket.bucket.id
policy = jsonencode({
Version = "2012-10-17"
Id = "AllowGetObjects"
Statement = [
{
Sid = "AllowPublic"
Effect = "Allow"
Principal = {
Service = "cloudfront.amazonaws.com"
}
Action = ["s3:GetObject", "s3:PutObject"]
Resource = "${aws_s3_bucket.bucket.arn}/*"
}
]
})
}
我还删除了第二个
*
;正如@Helder Sepulveda 指出的,这是多余的。