apply access policy to user, not bucket

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2019-08-05 13:41:49 -04:00
parent e677f3f45f
commit 50a14d330a
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
1 changed files with 5 additions and 2 deletions

View File

@ -23,6 +23,11 @@ resource "aws_s3_bucket" "main" {
lifecycle { lifecycle {
prevent_destroy = true prevent_destroy = true
} }
}
resource "aws_iam_user_policy" "main" {
name = "${var.bucket_name}-access"
user = "${aws_iam_user.main.name}"
policy = <<EOF policy = <<EOF
{ {
@ -30,12 +35,10 @@ resource "aws_s3_bucket" "main" {
"Statement": [ "Statement": [
{ {
"Effect": "Allow", "Effect": "Allow",
"Principal": {"AWS": ["${aws_iam_user.main.arn}"]},
"Action": ["s3:*"], "Action": ["s3:*"],
"Resource":["arn:aws:s3:::${var.bucket_name}/*"] "Resource":["arn:aws:s3:::${var.bucket_name}/*"]
} }
] ]
} }
EOF EOF
} }