Error putting S3 policy: MalformedPolicy: Invalid principal in policy

I am trying to use Terraform to set multiple principals (IAM roles) on the IAM policy of an S3 bucket. The plan looks like this:

Terraform will perform the following actions:

  # module.log_bucket.aws_s3_bucket_policy.policy will be updated in-place
  ~ resource "aws_s3_bucket_policy" "policy" {
        id     = "log_bucket"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  + {
                      + Action    = [
                          + "s3:PutObject",
                          + "s3:PutObjectAcl",
                        ]
                      + Effect    = "Allow"
                      + Principal = {
                          + AWS = [
                              + "arn:aws:iam::<account1-id>:role/my_log_role",
                              + "arn:aws:iam::<account2-id>:role/my_log_role",
                              + "arn:aws:iam::<account3-id>:role/my_log_role",
                              + "arn:aws:iam::<account4-id>:role/my_log_role",
                            ]
                        }
                      + Resource  = [
                          + "arn:aws:s3:::log_bucket/*",
                          + "arn:aws:s3:::log_bucket",
                        ]
                      + Sid       = "DelegateS3Access"
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

But when I apply, I get the following error:


│ Error: Error putting S3 policy: MalformedPolicy: Invalid principal in policy
│   status code: 400

│   with module.log_bucket.aws_s3_bucket_policy.policy,
│   on .terraform/mypath/main.tf line 63, in resource "aws_s3_bucket_policy" "policy":
│   63: resource "aws_s3_bucket_policy" "policy" {
│ 

This looks correct to me, so why does it fail?

As per the comments, this is because the roles you specify must exist at the time the policy is created.

Relevant documentation
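A pre-flight check that follows from the answer above, added here as an example and not part of the question, the answer, or Terraform itself: before applying a bucket policy, parse it, collect every IAM role ARN used as a principal, and report the ones that do not exist yet, so the apply does not fail with MalformedPolicy. The sample policy mirrors the statement in the plan with constructed 12-digit account ids in place of the `<accountN-id>` placeholders. The `role_exists` callback is an assumption about how you would wire the lookup: with real credentials it would call IAM `GetRole`, which only sees roles in the caller's own account, so a cross-account check needs credentials (an assumed role) for each account; the demo below injects a constructed inventory instead so it runs offline.

```python
"""Pre-flight check for an S3 bucket policy: list every IAM role ARN referenced
as a principal and report the ones that do not exist yet.

Added example, not code from the question, the answer or Terraform. The policy
below is constructed to match the plan in the question; account ids are
constructed placeholders.
"""
import json
import re
from typing import Callable, List, Tuple

# Constructed sample policy, mirroring the DelegateS3Access statement in the plan.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DelegateS3Access",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::111111111111:role/my_log_role",
                    "arn:aws:iam::222222222222:role/my_log_role",
                ]
            },
            "Action": ["s3:PutObject", "s3:PutObjectAcl"],
            "Resource": ["arn:aws:s3:::log_bucket/*", "arn:aws:s3:::log_bucket"],
        }
    ],
})

# IAM role ARN: 12-digit account id, then "role/" and the role name (may contain a path).
ROLE_ARN = re.compile(r"^arn:aws:iam::(\d{12}):role/(.+)$")


def role_principals(policy_json: str) -> List[str]:
    """Return every IAM role ARN that appears under Principal.AWS in any statement.

    Principal may be "*", a string, or a dict whose AWS entry is a string or a
    list; all forms are handled. Non-role principals (account roots, users) are
    left out because they are not what the MalformedPolicy error here is about.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement is also valid JSON policy
        statements = [statements]
    arns: List[str] = []
    for stmt in statements:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue  # "*" or no principal: nothing to verify
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        for arn in aws:
            if ROLE_ARN.match(arn) and arn not in arns:
                arns.append(arn)
    return arns


def split_role_arn(arn: str) -> Tuple[str, str]:
    """Split a role ARN into (account_id, role_name)."""
    m = ROLE_ARN.match(arn)
    if not m:
        raise ValueError(f"not an IAM role ARN: {arn}")
    return m.group(1), m.group(2)


def missing_roles(policy_json: str,
                  role_exists: Callable[[str, str], bool]) -> List[str]:
    """Return the role ARNs from the policy whose role does not (yet) exist.

    role_exists(account_id, role_name) is supplied by the caller. With live AWS
    access it would call iam.get_role(RoleName=...) using credentials valid in
    that account (assumed: GetRole only sees the caller's own account).
    """
    return [arn for arn in role_principals(policy_json)
            if not role_exists(*split_role_arn(arn))]


if __name__ == "__main__":
    # Offline demo: a constructed inventory stands in for the IAM lookups.
    # Only the role in account 111111111111 "exists", so the other is reported.
    inventory = {("111111111111", "my_log_role")}
    print(missing_roles(SAMPLE_POLICY, lambda acct, name: (acct, name) in inventory))
```

Run the check against the rendered policy (for example the output of `terraform show -json` or the policy file itself) before `terraform apply`; an empty list means every role principal resolves and the PutBucketPolicy call should not be rejected for a missing principal.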