Wil*_*oss 19 amazon-s3 terraform
Using Terraform, I declare an S3 bucket and its associated policy document, along with an iam_role and iam_role_policy.
The S3 bucket is created in AWS without problems, but the bucket is listed as "Access: Objects can be public", and I want the objects to be private. How do I explicitly make the objects private?
```hcl
# Account id used to build the bucket name (referenced by the bucket below).
data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "app" {
  bucket = "${data.aws_caller_identity.current.account_id}-app"

  # Default encryption at rest for every object written to the bucket.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# IAM policy granting PutObject on the bucket and the objects inside it.
data "aws_iam_policy_document" "app_s3_policy" {
  statement {
    effect = "Allow"
    actions = [
      "s3:PutObject"
    ]
    resources = [
      aws_s3_bucket.app.arn,
      "${aws_s3_bucket.app.arn}/*"
    ]
  }
}
```
Mar*_*k B 33
The simplest way to block all objects in the bucket from being public is to attach an aws_s3_bucket_public_access_block resource to the bucket. It looks like this:
```hcl
resource "aws_s3_bucket_public_access_block" "app" {
  bucket                  = aws_s3_bucket.app.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```
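As an added example (not part of the question or the answer above), here is the bucket from the question combined with the public access block from the answer, plus an ownership-controls resource that disables object ACLs outright so that no object can be made public through an ACL. It assumes the AWS provider v4+ split-out resource names (aws_s3_bucket_server_side_encryption_configuration, aws_s3_bucket_ownership_controls) and the BucketOwnerEnforced setting.

```terraform
# Account id used to build the bucket name.
data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "app" {
  bucket = "${data.aws_caller_identity.current.account_id}-app"
}

# Default encryption at rest, declared as its own resource
# (AWS provider v4+ style; assumed here).
resource "aws_s3_bucket_server_side_encryption_configuration" "app" {
  bucket = aws_s3_bucket.app.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Block public access: public ACLs are rejected and ignored, and a
# bucket policy that grants public access is rejected.
resource "aws_s3_bucket_public_access_block" "app" {
  bucket                  = aws_s3_bucket.app.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Disable ACLs entirely: the bucket owner owns every object and
# per-object ACLs (including public-read) are no longer evaluated,
# so access is governed only by IAM and bucket policies.
resource "aws_s3_bucket_ownership_controls" "app" {
  bucket = aws_s3_bucket.app.id

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}
```

With all four public access block settings enabled the console reports the bucket as "Bucket and objects not public" instead of "Objects can be public".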