创建 IAM 策略时出错 example_policy:MalformedPolicyDocument:策略文档不应指定主体
error creating IAM policy example_policy: MalformedPolicyDocument: Policy document should not specify a principal
我正在尝试创建存储桶策略以授予 CloudFront 原始访问身份 (OAI) 权限以获取(读取)您的 Amazon S3 存储桶中的所有对象。
但我正面临这个错误,因为“发生错误:
Error: error creating IAM policy example_policy: MalformedPolicyDocument: Policy document should not specify a principal.
│ status code: 400, request id: 95044f55-e4bf-403e-8233-95964ffe09d1
│
│ with module.iam.aws_iam_policy.s3Frontend,
│ on ..\modules\iam\resources.tf line 65, in resource "aws_iam_policy" "s3Frontend":
│ 65: resource "aws_iam_policy" "s3Frontend" {
data "aws_iam_policy_document" "s3Frontend" {
version = "2012-10-17"
statement {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:ListBucket"
]
principals {
type = "AWS"
identifiers = ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity $MYID"] #
}
resources = [ "arn:aws:s3:::WebSitefrontend/*" ]
}
}
resource "aws_iam_policy" "s3Frontend" {
name = "example_policy"
path = "/"
policy = data.aws_iam_policy_document.s3Frontend.json
}
output "s3FrontendId" {
description = "IDs of frontend deploy artifect on s3"
value = aws_iam_policy.s3-Frontend.id
}
感谢您的帮助。
错误MalformedPolicyDocument: Policy document should not specify a principal指的是在resource "aws_iam_policy"中创建的IAM identity-based policy,不能包含主体。
您正在尝试创建基于 S3 Bucket 资源的策略,该策略可用于 aws_s3_bucket_policy Terraform 资源。用法示例:
resource "aws_s3_bucket_policy" "s3Frontend" {
bucket = aws_s3_bucket.WebSitefrontend.id
policy = data.aws_iam_policy_document.s3Frontend.json
}
我正在尝试创建存储桶策略以授予 CloudFront 原始访问身份 (OAI) 权限以获取(读取)您的 Amazon S3 存储桶中的所有对象。 但我正面临这个错误,因为“发生错误:
Error: error creating IAM policy example_policy: MalformedPolicyDocument: Policy document should not specify a principal.
│ status code: 400, request id: 95044f55-e4bf-403e-8233-95964ffe09d1
│
│ with module.iam.aws_iam_policy.s3Frontend,
│ on ..\modules\iam\resources.tf line 65, in resource "aws_iam_policy" "s3Frontend":
│ 65: resource "aws_iam_policy" "s3Frontend" {
data "aws_iam_policy_document" "s3Frontend" {
version = "2012-10-17"
statement {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:ListBucket"
]
principals {
type = "AWS"
identifiers = ["arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity $MYID"] #
}
resources = [ "arn:aws:s3:::WebSitefrontend/*" ]
}
}
resource "aws_iam_policy" "s3Frontend" {
name = "example_policy"
path = "/"
policy = data.aws_iam_policy_document.s3Frontend.json
}
output "s3FrontendId" {
description = "IDs of frontend deploy artifect on s3"
value = aws_iam_policy.s3-Frontend.id
}
感谢您的帮助。
错误MalformedPolicyDocument: Policy document should not specify a principal指的是在resource "aws_iam_policy"中创建的IAM identity-based policy,不能包含主体。
您正在尝试创建基于 S3 Bucket 资源的策略,该策略可用于 aws_s3_bucket_policy Terraform 资源。用法示例:
resource "aws_s3_bucket_policy" "s3Frontend" {
bucket = aws_s3_bucket.WebSitefrontend.id
policy = data.aws_iam_policy_document.s3Frontend.json
}