Fixed S3 bucket policy to make it canonical

antonbabenko · brandonjbjelland · commit cf4aafdf8268 · 2017-10-25T14:57:38.000-07:00
diff --git a/main.tf b/main.tf
@@ -21,6 +21,8 @@ resource "aws_alb" "main" {
 
 data "aws_iam_policy_document" "bucket_policy" {
   statement {
+    sid = "AllowToPutLoadBalancerLogsToS3Bucket"
+
     actions = [
       "s3:PutObject",
     ]
@@ -31,7 +33,7 @@ data "aws_iam_policy_document" "bucket_policy" {
 
     principals {
       type        = "AWS"
-      identifiers = ["${data.aws_elb_service_account.main.id}"]
+      identifiers = ["arn:aws:iam::${data.aws_elb_service_account.main.id}:root"]
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ resource "aws_alb" "main" {`
`21`	`21`
`22`	`22`	`data "aws_iam_policy_document" "bucket_policy" {`
`23`	`23`	`statement {`
	`24`	`+ sid = "AllowToPutLoadBalancerLogsToS3Bucket"`
	`25`	`+`
`24`	`26`	`actions = [`
`25`	`27`	`"s3:PutObject",`
`26`	`28`	`]`
`@@ -31,7 +33,7 @@ data "aws_iam_policy_document" "bucket_policy" {`
`31`	`33`
`32`	`34`	`principals {`
`33`	`35`	`type = "AWS"`
`34`		`- identifiers = ["${data.aws_elb_service_account.main.id}"]`
	`36`	`+ identifiers = ["arn:aws:iam::${data.aws_elb_service_account.main.id}:root"]`
`35`	`37`	`}`
`36`	`38`	`}`
`37`	`39`	`}`