How should I be referencing the generated S3 ARN ?
The following fails ?
provider "aws" {
region = "ca-central-1"
}
resource "aws_s3_bucket" "b" {
bucket = "nicholas-yue-my-tf-test-bucket"
}
resource "aws_s3_bucket_policy" "b" {
bucket = aws_s3_bucket.b.id
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Example permissions",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::083230063072:role/ACI-Webhooks"
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Resource": "${aws_s3_bucket.b.arn}"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::083230063072:role/ACI-Webhooks"
},
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::nicholas-yue-my-tf-test-bucket/*"
}
]
}
POLICY
}
output "S3-ARN" {
value = aws_s3_bucket.b.arn
}