I am trying to set up a CloudFront distribution and S3 bucket with Terraform. When I run `terraform apply` it is returning the following error:

```
- aws_s3_bucket.app: Error putting S3 logging: InvalidTargetBucketForLogging: You must give the log-delivery group WRITE and READ_ACP permissions to the target bucket
```
My S3.tf file:

```hcl
data "aws_iam_policy_document" "s3_policy" {
  policy_id = "PolicyForCloudFrontPrivateContent"

  statement {
    sid       = "1"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::${local.name_env}/*"]

    principals {
      type        = "AWS"
      identifiers = ["${aws_cloudfront_origin_access_identity.origin_access_identity.iam_arn}"]
    }
  }
}

resource "aws_s3_bucket" "app" {
  bucket = "${local.name_env}"
  policy = "${data.aws_iam_policy_document.s3_policy.json}"

  logging {
    target_bucket = "${local.logs_bucket}"
    target_prefix = "app-${var.environment}"
  }

  versioning {
    enabled = true
  }

  tags = "${local.tags}"
}
```
You need to add an `acl` attribute to your `aws_s3_bucket` with a value of `"log-delivery-write"`.

```hcl
resource "aws_s3_bucket" "app" {
  bucket = "${local.name_env}"
  acl    = "log-delivery-write"
  ...
}
```
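The error message names the *target* bucket, so the bucket that receives the access logs is the one that needs the log-delivery grants. The following is an added example (not code from the question or the answer above) that goes a step further and manages the logs bucket in the same configuration, in the Terraform 0.11 interpolation style used on this page; it assumes `local.logs_bucket`, `local.name_env`, `local.tags`, `var.environment` and the `s3_policy` document exist as in the question, and the resource name `logs` is hypothetical.

```hcl
# Bucket that RECEIVES access logs: this is where the LogDelivery group
# needs WRITE and READ_ACP, which the canned "log-delivery-write" ACL grants.
resource "aws_s3_bucket" "logs" {
  bucket = "${local.logs_bucket}"   # assumed to be defined in locals
  acl    = "log-delivery-write"
  tags   = "${local.tags}"
}

# Bucket served through CloudFront: stays private, objects are readable only
# by the origin access identity named in the bucket policy.
resource "aws_s3_bucket" "app" {
  bucket = "${local.name_env}"
  acl    = "private"
  policy = "${data.aws_iam_policy_document.s3_policy.json}"

  logging {
    # Reference the resource rather than the raw name so Terraform creates
    # the logs bucket (and applies its ACL) before enabling logging here.
    target_bucket = "${aws_s3_bucket.logs.id}"
    target_prefix = "app-${var.environment}/"
  }

  versioning {
    enabled = true
  }

  tags = "${local.tags}"
}
```

After `terraform apply`, `aws s3api get-bucket-acl --bucket <logs bucket>` should list a grant for the `http://acs.amazonaws.com/groups/s3/LogDelivery` group with both `WRITE` and `READ_ACP`.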