
A bucket policy grants certain permissions to certain resources. For example, one such policy would be to allow an Elastic Load Balancer to write logs to the S3 Bucket.
Let's say you have the following files on your Terraform server.
├── required_providers.tf
├── s3_buckets (directory)
│ ├── provider.tf
│ ├── buckets.tf
required_providers.tf will almost always have this.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
}
}
}
Let's say provider.tf in the network_load_balancer directory has the following. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have setup Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.
provider "aws" {
alias = "default"
profile = "default"
region = "default"
}
And let's say buckets.tf contains something like this to create a bucket named my_bucket_fjfnv9d3d9 and to set all of the public access blocks to false so that the bucket is not blocking public access.
resource "aws_s3_bucket" "my_bucket_fjfnv9d3d9" {
bucket = "my-bucket-fjfnv9d3d9"
tags = {
Name = "my-bucket-fjfnv9d3d9"
Environment = "staging"
}
}
resource "aws_s3_bucket_public_access_block" "public-access-block" {
bucket = aws_s3_bucket.my_bucket_fjfnv9d3d9.id
block_public_acls = false
block_public_policy = false
ignore_public_acls = false
restrict_public_buckets = false
}
You may need to run the terraform init command.
terraform init
The terraform plan command can be used to see what Terraform will try to do.
terraform plan
And the terraform apply command can be used to create the S3 Bucket.
terraform apply
Did you find this article helpful?
If so, consider buying me a coffee over at