2

More than 3 years have passed since last update.

@matsuda-hiroki(hiroki matsuda)in

terraform で Error putting S3 policy: MalformedPolicy が出たときに確認したこと

Posted at 2020-02-05

症状

こちらの投稿を参考に
terraformで構築、と拡張していたところ、S3のポリシー関連でエラーが出るようになった

エラーメッセージ

Error: Error putting S3 policy: MalformedPolicy: Action does not apply to any resource(s) in statemen
    status code: 400, request id: hoge, host id: fuga

原因

aws_iam_policy_document の statement resources に必要なARN指定が不足していた。

data "aws_iam_policy_document" "cf_to_s3_policy" {
  statement {
(中略)
    resources = [
      // "${aws_s3_bucket.image-bucket.arn}" の行が不要だと思って削除したが、実は必要だった
      "${aws_s3_bucket.image-bucket.arn}/testdir/*",
    ]
(中略)

修正後のソースコード

data "aws_iam_policy_document" "cf_to_s3_policy" {
  statement {
    actions = ["s3:GetObject", "s3:ListBucket"]

    resources = [
      "${aws_s3_bucket.image-bucket.arn}",
      "${aws_s3_bucket.image-bucket.arn}/*",
    ]

    principals {
      type        = "AWS"
      identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
    }
  }
}

参考

https://qiita.com/natsumisawa/items/404217208ab1c96d8719
https://stackoverflow.com/questions/44228422/s3-bucket-action-doesnt-apply-to-any-resources

2

Register as a new user and use Qiita more conveniently

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up

2