github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/examples/aws-s3-cross-account-access/main.tf

github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/examples/aws-s3-cross-account-access/main.tf (about)

     1  provider "aws" {
     2    alias = "prod"
     3  
     4    region     = "us-east-1"
     5    access_key = "${var.prod_access_key}"
     6    secret_key = "${var.prod_secret_key}"
     7  }
     8  
     9  resource "aws_s3_bucket" "prod" {
    10    provider = "aws.prod"
    11  
    12    bucket = "${var.bucket_name}"
    13    acl    = "private"
    14  
    15    policy = <<POLICY
    16  {
    17    "Version": "2012-10-17",
    18    "Statement": [
    19      {
    20        "Sid": "AllowTest",
    21        "Effect": "Allow",
    22        "Principal": {
    23          "AWS": "arn:aws:iam::${var.test_account_id}:root"
    24        },
    25        "Action": "s3:*",
    26        "Resource": "arn:aws:s3:::${var.bucket_name}/*"
    27      }
    28    ]
    29  }
    30  POLICY
    31  }
    32  
    33  resource "aws_s3_bucket_object" "prod" {
    34    provider = "aws.prod"
    35  
    36    bucket = "${aws_s3_bucket.prod.id}"
    37    key    = "object-uploaded-via-prod-creds"
    38    source = "${path.module}/prod.txt"
    39  }
    40  
    41  provider "aws" {
    42    alias = "test"
    43  
    44    region     = "us-east-1"
    45    access_key = "${var.test_access_key}"
    46    secret_key = "${var.test_secret_key}"
    47  }
    48  
    49  resource "aws_s3_bucket_object" "test" {
    50    provider = "aws.test"
    51  
    52    bucket = "${aws_s3_bucket.prod.id}"
    53    key    = "object-uploaded-via-test-creds"
    54    source = "${path.module}/test.txt"
    55  }