resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

website: Document required S3 IAM actions for S3 backend

This commit is contained in:
Andrew 2017-12-06 06:31:31 +11:00 committed by Martin Atkins
parent 2b68f4393e
commit d6b8e27086
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
website/docs/backends/types/s3.html.md
View File

@ -38,6 +38,35 @@ Terraform state is written to the key `path/to/my/key`.
Note that for the access credentials we recommend using a
[partial configuration](/docs/backends/config.html).
### S3 Bucket Permissions
Terraform will need the following AWS IAM permissions on
the target backend bucket:
* `s3:ListBucket` on `arn:aws:s3:::mybucket`
* `s3:GetObject` on `arn:aws:s3:::mybucket/path/to/my/key`
* `s3:PutObject` on `arn:aws:s3:::mybucket/path/to/my/key`
This is seen in the following AWS IAM Statement:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::mybucket"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": "arn:aws:s3:::mybucket/path/to/my/key"
}
]
}
```
## Using the S3 remote state
To make use of the S3 remote state we can use the