Allow multiple policies to be attached to an s3 bucket #10543

Closed
evanstachowiak opened this issue Dec 5, 2016 · 6 comments

Comments

@evanstachowiak

Hi there,

Terraform Version

0.7.13

Affected Resource(s)

  • aws_s3_bucket_policy

Expected Behavior

Instead of using a different bucket for different logs, I'm trying to use one bucket with different prefixes. The issue with this is that I cannot use more than one aws_s3_bucket_policy. If I specify this resource multiple times, the previous one gets overwritten and only the last one is used. Ideally, there would be something like an aws_iam_policy_attachment resource.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Try to use multiple s3 policies on a bucket.
@akerl

akerl commented Dec 8, 2016

AWS only supports a single bucket policy on a bucket. You can combine multiple Statements into a single policy, but not attach multiple policies.

@jemmyw

jemmyw commented Feb 4, 2017

I've also run across this problem. The issue is that I can't assemble a policy from resources in different modules unless I output all those policies. It'd be nice to have a resource like "aws_s3_bucket_policy_statement".
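
What akerl and jemmyw describe above (several statements merged into the one policy a bucket can carry, with the pieces coming from different modules), sketched as an added example that is not part of this thread or of Terraform's own code. It assumes Terraform 0.12+ syntax, an existing bucket, and an AWS provider whose `aws_iam_policy_document` data source supports `source_policy_documents`; the bucket name, prefixes, Sids and role ARN are placeholders.

```hcl
# Added example, not from the issue thread. Bucket name, prefixes, Sids and the
# role ARN are placeholders; source_policy_documents needs a provider that has it.
variable "bucket" { default = "example-central-logs" }

# Fragment 1 (could be a module output): S3 server access logs under s3-access/.
data "aws_iam_policy_document" "s3_access" {
  statement {
    sid       = "S3AccessLogWrite"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::${var.bucket}/s3-access/*"]
    principals {
      type        = "Service"
      identifiers = ["logging.s3.amazonaws.com"]
    }
  }
}

# Fragment 2 (another module): a cross-account writer confined to app/.
data "aws_iam_policy_document" "app" {
  statement {
    sid       = "AppLogWrite"
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::${var.bucket}/app/*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:role/app-log-writer"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

# Merge the fragments: the bucket still carries exactly one policy.
data "aws_iam_policy_document" "combined" {
  source_policy_documents = [
    data.aws_iam_policy_document.s3_access.json,
    data.aws_iam_policy_document.app.json,
  ]
}

resource "aws_s3_bucket_policy" "logs" {
  bucket = var.bucket
  policy = data.aws_iam_policy_document.combined.json
}
```

Because each writer is scoped to its own prefix in `resources`, adding or removing a fragment changes only that writer's access, and there is a single `aws_s3_bucket_policy` resource left to overwrite the bucket policy.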

@rajiv2205

Can anybody suggest a workaround for this? I have multiple environments (some already exist and some I create with Terraform). My requirement is that the bucket should be accessible to the old infra and the new ones. When I tear down the new Terraform infra, the policy will get updated automatically and remove the IPs of the recently removed infra. However, the old infra IPs should be there.

@ghost

ghost commented May 30, 2017

+1 @rajiv2205 I have exactly the same problem.

@rajiv2205

@hwscell I changed my approach to AWS roles. Now, the instances that have the role attached to them can access the S3 bucket. The IAM role has permissions to access the bucket. Hope this will help.

@ghost

ghost commented Apr 10, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 10, 2020