use*_*969 3 amazon-s3 amazon-cloudfront terraform terraform-provider-aws
我正在尝试使用Terraform设置cloudfront dist和s3存储桶。当我运行terraform apply它返回以下错误:
- aws_s3_bucket.app:放置S3日志时出错:InvalidTargetBucketForLogging:您必须将日志传送组WRITE和READ_ACP权限授予目标存储桶
我的S3.tf文件:
data "aws_iam_policy_document" "s3_policy" {
policy_id = "PolicyForCloudFrontPrivateContent"
statement {
sid = "1"
actions = ["s3:GetObject"]
resources = ["arn:aws:s3:::${local.name_env}/*"]
principals {
type = "AWS"
identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
}
}
}
resource "aws_s3_bucket" "app" {
bucket = "${local.name_env}"
policy = "${data.aws_iam_policy_document.s3_policy.json}"
logging {
target_bucket = "${local.logs_bucket}"
target_prefix = "app-${var.environment}"
}
versioning {
enabled = true
}
tags = "${local.tags}"
}
您需要向aclaws_s3_bucket 添加一个属性,其值为“ log-delivery-write”。
resource "aws_s3_bucket" "app" {
bucket = "${local.name_env}"
acl = "log-delivery-write"
...
}
| 归档时间: |
|
| 查看次数: |
1477 次 |
| 最近记录: |