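How to resolve Terraform - enabling load balancer access logs: InvalidConfigurationRequest: Access Denied for bucket
I am using Terraform to provision an ELB and want to enable access logs for the ELB in an S3 bucket. When I try to apply the resources, I get the following error - InvalidConfiguration: Access Denied for bucket:
Below are my TF resources, along with the S3 bucket policy created from an IAM policy document.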
resource "aws_lb" "this" {
  name               = var.name
  load_balancer_type = "application"

  access_logs {
    bucket  = aws_s3_bucket.this.bucket
    prefix  = var.name
    enabled = true
  }
}

resource "aws_s3_bucket" "this" {
  bucket        = "${var.bucket_name}"
  acl           = "log-delivery-write"
  force_destroy = true
}

resource "aws_s3_bucket_policy" "this" {
  bucket = "aws_s3_bucket.this.id"
  policy = "${data.aws_iam_policy_document.s3_bucket_lb_write.json}"
}

data "aws_iam_policy_document" "s3_bucket_lb_write" {
  policy_id = "s3_bucket_lb_logs"

  statement {
    actions = [
      "s3:PutObject",
    ]
    effect = "Allow"
    resources = [
      "${aws_s3_bucket.this.arn}/*",
    ]

    principals {
      identifiers = ["${data.aws_elb_service_account.main.arn}"]
      type        = "AWS"
    }
  }

  statement {
    actions = [
      "s3:PutObject"
    ]
    effect    = "Allow"
    resources = ["${aws_s3_bucket.this.arn}/*"]

    principals {
      identifiers = ["delivery.logs.amazonaws.com"]
      type        = "Service"
    }
  }

  statement {
    actions = [
      "s3:GetBucketAcl"
    ]
    effect    = "Allow"
    resources = ["${aws_s3_bucket.this.arn}"]

    principals {
      identifiers = ["delivery.logs.amazonaws.com"]
      type        = "Service"
    }
  }
}

output "bucket_name" {
  value = "${aws_s3_bucket.this.bucket}"
}
I get the following errors:
Error: Error putting S3 policy: NoSuchBucket: The specified bucket does not exist
status code: 404,request id: 5932CFE816059A8D,host id: j5ZBQ2ptHXivx+fu7ai5jbM8PSQR2tCFo4IAvcLkuocxk8rn/r0TG/6YbfRloBFR2WSy8UE7K8Q=
Error: Failure configuring LB attributes: InvalidConfigurationRequest: Access Denied for bucket: test-logs-bucket-xyz. Please check S3bucket permission
status code: 400,request id: ee101cc2-5518-42c8-9542-90dd7bb05e3c
Terraform version: Terraform v0.12.23
- provider.aws v3.6.0
Solution
There is a mistake:
resource "aws_s3_bucket_policy" "this" {
  bucket = "aws_s3_bucket.this.id"
  policy = "${data.aws_iam_policy_document.s3_bucket_lb_write.json}"
}
It should be:
resource "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.s3_bucket_lb_write.json
}
The original version (bucket = "aws_s3_bucket.this.id") will only try to find a bucket literally named "aws_s3_bucket.this.id".
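As an added example (not part of the original answer and not a Terraform feature): a small Python check that flags arguments whose value is a string literal shaped like a resource reference, which is the mistake identified above. The function name, the regular-expression heuristic and the sample inputs are assumptions constructed for this illustration.

```python
import re

# A double-quoted string whose whole content is shaped like a Terraform
# reference: [data.]<provider>_<type>.<name>.<attribute>
# This is a heuristic (an assumption of this example), not an HCL parser.
QUOTED_REF = re.compile(
    r'"((?:data\.)?[a-z][a-z0-9]*_[a-z0-9_]+\.[A-Za-z_][\w-]*\.[A-Za-z_]\w*)"'
)
ASSIGNMENT = re.compile(r'^\s*([A-Za-z_][\w-]*)\s*=\s*(.*)$')


def find_quoted_references(hcl_text):
    """Return (line_no, argument, literal) for every argument whose value
    contains a string literal that looks like an unevaluated reference."""
    findings = []
    for line_no, line in enumerate(hcl_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # whole-line comments are ignored
        m = ASSIGNMENT.match(line)
        if not m:
            continue  # block headers and closing braces are not arguments
        argument, value = m.groups()
        for ref in QUOTED_REF.finditer(value):
            findings.append((line_no, argument, ref.group(1)))
    return findings


# Constructed sample input: the bucket policy resource from the question
# (quoted reference) and the corrected form from the answer.
BROKEN = '''resource "aws_s3_bucket_policy" "this" {
  bucket = "aws_s3_bucket.this.id"
  policy = "${data.aws_iam_policy_document.s3_bucket_lb_write.json}"
}
'''
FIXED = '''resource "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.s3_bucket_lb_write.json
}
'''

if __name__ == "__main__":
    for line_no, argument, literal in find_quoted_references(BROKEN):
        print(f"line {line_no}: {argument} is the literal string {literal!r}")
```

Interpolated strings such as "${aws_s3_bucket.this.arn}/*" and service principals such as "delivery.logs.amazonaws.com" are not flagged, because neither is a bare reference inside quotes.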