Environment: Mac OS, Linux
Terraform versions: 1.9 and 1.12
Problem: plan, apply of the following runs w/o errors:
terraform {
required_providers {
aws = {
version = “~> 5.49.0”
}
}
required_version = “~> 1.1”
}
provider “aws” {
region = “us-east-2”
profile = “saml”
}
resource “aws_s3_bucket” “my_aws_s3_bucket” {
bucket = “(my bucket name)”
}
resource “aws_s3_bucket_policy” “aws_s3_bucket_policy_statements” {
bucket = aws_s3_bucket.my_aws_s3_bucket.id
policy = data.aws_iam_policy_document.s3_bucket_policy.json
}
data “aws_iam_policy_document” “s3_bucket_policy” {
statement {
sid = “AllowSSLRequestsOnly”
effect = “Deny”
principals {
type = “"
identifiers = [
"”
]
}
actions = [
“s3:"
]
resources = [
“arn:aws:s3:::(my bucket name)”,
"arn:aws:s3:::(my bucket name)/”
]
condition {
test = “Bool”
variable = “aws:SecureTransport”
values = [
“false”,
]
}
}
}
Immediately after apply, the following command:
terraform plan -refresh-only
gives:
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last “terraform apply” which may have affected this plan:
And this state command:
terraform state show “aws_s3_bucket.my_aws_s3_bucket”
shows “” for policy.