-
Notifications
You must be signed in to change notification settings - Fork 2
/
bucket.tf
28 lines (23 loc) · 655 Bytes
/
bucket.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
resource "aws_s3_bucket" "this" {
bucket = var.bucket_name
tags = merge(var.default_tags, var.s3_bucket_tags)
}
data "aws_iam_policy_document" "bucket_policy" {
statement {
principals {
type = "Service"
identifiers = ["cloudfront.amazonaws.com"]
}
actions = ["s3:GetObject"]
resources = ["${aws_s3_bucket.this.arn}/*"]
condition {
variable = "aws:SourceArn"
test = "StringEquals"
values = [aws_cloudfront_distribution.this.arn]
}
}
}
resource "aws_s3_bucket_policy" "this" {
bucket = aws_s3_bucket.this.bucket
policy = data.aws_iam_policy_document.bucket_policy.json
}