Commit bdb37e7 1 parent 12f337b commit bdb37e7 Copy full SHA for bdb37e7
File tree 1 file changed +21
-23
lines changed
1 file changed +21
-23
lines changed Original file line number Diff line number Diff line change @@ -19,25 +19,22 @@ resource "scaleway_object_bucket_policy" "policy" {
1919 bucket = scaleway_object_bucket.bucket.name
2020 policy = jsonencode(
2121 {
22- Id = "MyPolicy"
22+ Version = "2023-04-17",
23+ Id = "MyBucketPolicy",
2324 Statement = [
2425 {
25- Action = [
26- "s3:ListBucket",
27- "s3:GetObject",
28- ]
29- Effect = "Allow"
26+ Sid = "Delegate access",
27+ Effect = "Allow",
3028 Principal = {
31- SCW = "*"
32- }
33- Resource = [
34- "some-unique-name",
35- "some-unique-name/*",
29+ SCW = "application_id:<APPLICATION_ID>"
30+ },
31+ Action = "s3:ListBucket",
32+ Resources = [
33+ "${scaleway_object_bucket.bucket.name}",
34+ "${scaleway_object_bucket.bucket.name}/*"
3635 ]
37- Sid = "GrantToEveryone"
38- },
36+ }
3937 ]
40- Version = "2012-10-17"
4138 }
4239 )
4340}
@@ -56,22 +53,23 @@ resource "scaleway_object_bucket_policy" "main" {
5653}
5754
5855data "aws_iam_policy_document" "policy" {
59- version = "2012-10-17"
56+ version = "2023-04-17"
57+ id = "MyBucketPolicy"
58+
6059 statement {
61- sid = "MyPolicy"
60+ sid = "Delegate access"
61+ effect = "Allow"
62+
6263 principals {
6364 type = "SCW"
64- identifiers = ["project_id:<project_id >"]
65+ identifiers = ["application_id:<APPLICATION_ID >"]
6566 }
6667
67- actions = [
68- "s3:GetObject",
69- "s3:ListBucket",
70- ]
68+ actions = ["s3:ListBucket"]
7169
7270 resources = [
73- "some-unique- name",
74- "some-unique- name/*",
71+ "${scaleway_object_bucket.bucket. name} ",
72+ "${scaleway_object_bucket.bucket. name} /*"
7573 ]
7674 }
7775}
You can’t perform that action at this time.
0 commit comments