github.com/leeprovoost/terraform@v0.6.10-0.20160119085442-96f3f76118e7/examples/aws-s3-cross-account-access/main.tf (about) 1 provider "aws" { 2 alias = "prod" 3 4 region = "us-east-1" 5 access_key = "${var.prod_access_key}" 6 secret_key = "${var.prod_secret_key}" 7 } 8 9 resource "aws_s3_bucket" "prod" { 10 provider = "aws.prod" 11 12 bucket = "${var.bucket_name}" 13 acl = "private" 14 policy = <<POLICY 15 { 16 "Version": "2012-10-17", 17 "Statement": [ 18 { 19 "Sid": "AllowTest", 20 "Effect": "Allow", 21 "Principal": { 22 "AWS": "arn:aws:iam::${var.test_account_id}:root" 23 }, 24 "Action": "s3:*", 25 "Resource": "arn:aws:s3:::${var.bucket_name}/*" 26 } 27 ] 28 } 29 POLICY 30 } 31 32 resource "aws_s3_bucket_object" "prod" { 33 provider = "aws.prod" 34 35 bucket = "${aws_s3_bucket.prod.id}" 36 key = "object-uploaded-via-prod-creds" 37 source = "${path.module}/prod.txt" 38 } 39 40 provider "aws" { 41 alias = "test" 42 43 region = "us-east-1" 44 access_key = "${var.test_access_key}" 45 secret_key = "${var.test_secret_key}" 46 } 47 48 resource "aws_s3_bucket_object" "test" { 49 provider = "aws.test" 50 51 bucket = "${aws_s3_bucket.prod.id}" 52 key = "object-uploaded-via-test-creds" 53 source = "${path.module}/test.txt" 54 }