Error configuring bucket policy: api error MalformedPolicy: policy syntax is invalid

Question  Votes: 0  Answers: 1

This is my Terraform code. I am provisioning an S3 bucket and attaching a policy to it.

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.bucket.id
  
  policy = jsonencode({
     Version = "2012-10-17"
     Id      = "AllowGetObjects"
     Statement = [
        {
          Sid       = "AllowPublic"
          Effect    = "Allow"
          Principal = "cloudfront.amazonaws.com"
          Actions    = ["s3:GetObject", "s3:PutObject"]
          Resource  = "${aws_s3_bucket.bucket.arn}/**"
        }
      ]
   })
}

This is the error stack

API error MalformedPolicy:
│   with aws_s3_bucket_policy.bucket_policy,
│   on s3.tf line 32, in resource "aws_s3_bucket_policy" "bucket_policy":
│   32: resource "aws_s3_bucket_policy" "bucket_policy" {

amazon-web-services terraform terraform-provider-aws
1 Answer
1 vote

I believe your error comes from your principal field, which should be a block specifying that your value is an AWS Service:

resource "aws_s3_bucket_policy" "bucket_policy" {
  bucket = aws_s3_bucket.bucket.id
  
  policy = jsonencode({
     Version = "2012-10-17"
     Id      = "AllowGetObjects"
     Statement = [
        {
          Sid       = "AllowPublic"
          Effect    = "Allow"
          Principal = {
            Service = "cloudfront.amazonaws.com"
          }
          Action    = ["s3:GetObject", "s3:PutObject"]
          Resource  = "${aws_s3_bucket.bucket.arn}/*"
        }
      ]
   })
}

I also removed the second *; as @Helder Sepulveda pointed out, it is redundant.
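A pre-apply check for the kind of mistake discussed above, as an added example that is not part of the original question or answer. It lints the JSON that jsonencode() renders against a small subset of the policy grammar (not AWS's own validator); the function names and the placeholder bucket ARN are assumptions. Run on the two policies from this page, it reports both the string Principal and the Actions key, which the answer's code also changes to Action.

```python
import json

# Element names the IAM policy grammar allows inside one statement.
STATEMENT_KEYS = {"Sid", "Effect", "Principal", "NotPrincipal", "Action",
                  "NotAction", "Resource", "NotResource", "Condition"}
PRINCIPAL_TYPES = {"AWS", "Service", "Federated", "CanonicalUser"}

def lint_bucket_policy(policy_json, bucket_arn):
    """Return findings for a rendered S3 bucket policy (empty list = clean)."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        tag = st.get("Sid", f"#{i}")
        for key in sorted(set(st) - STATEMENT_KEYS):
            findings.append(f"{tag}: unknown element {key!r}")
        if st.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{tag}: Effect must be Allow or Deny")
        if not {"Action", "NotAction"} & set(st):
            findings.append(f"{tag}: no Action element")
        principal = st.get("Principal", st.get("NotPrincipal"))
        if isinstance(principal, dict):
            bad = sorted(set(principal) - PRINCIPAL_TYPES)
            if bad or not principal:
                findings.append(f"{tag}: bad Principal type {bad}")
        elif principal != "*":  # also catches a missing Principal (None)
            findings.append(f"{tag}: Principal must be '*' or a map like Service=...")
        resources = st.get("Resource", st.get("NotResource", []))
        for res in [resources] if isinstance(resources, str) else resources:
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"{tag}: Resource {res!r} is outside the bucket")
    return findings

# Constructed sample: the two policies from this page, as jsonencode() would
# render them for a placeholder bucket ARN.
ARN = "arn:aws:s3:::example-bucket"
def render(principal, action_key, suffix):
    return json.dumps({"Version": "2012-10-17", "Id": "AllowGetObjects", "Statement": [{
        "Sid": "AllowPublic", "Effect": "Allow", "Principal": principal,
        action_key: ["s3:GetObject", "s3:PutObject"], "Resource": ARN + suffix}]})

QUESTION = render("cloudfront.amazonaws.com", "Actions", "/**")
ANSWER = render({"Service": "cloudfront.amazonaws.com"}, "Action", "/*")

if __name__ == "__main__":
    for name, doc in (("question", QUESTION), ("answer", ANSWER)):
        print(name, lint_bucket_policy(doc, ARN))
```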
