My Saved Presets
You must be logged in to view saved presets

Loading Library ...

S3 Bucket Policy for Cross-Account Access

This template attaches a policy to an S3 bucket to allow access from another AWS account.

example

aws_s3_bucket


grant

permissions


cors_rule

allowed_headers

allowed_methods

allowed_origins

expose_headers

lifecycle_rule


expiration

transition


noncurrent_version_expiration
noncurrent_version_transition

logging


object_lock_configuration

rule
apply_server_side_encryption_by_default


replication_configuration

rules
destination



access_control_translation


replication_time
metrics
filter



source_selection_criteria
sse_kms_encrypted_objects
server_side_encryption_configuration
rule
apply_server_side_encryption_by_default

versioning
website



routing_rules

depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



allow_access_from_another_account

aws_s3_bucket_policy



depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



allow_access_from_another_account

aws_iam_policy_document

override_policy_documents


source_policy_documents

statement

actions

condition


values


not_actions

not_principals

identifiers

not_resources

principals

identifiers

resources


depends_on


lifecycle

ignore_changes

replace_triggered_by

precondition


postcondition



Terraform Template

data "aws_iam_policy_document" "allow_access_from_another_account" {

  statement {
    actions = ["s3:GetObject", "s3:ListBucket"]

    principals {
      identifiers = ["123456789012"]
      type = "AWS"
    }
    resources = [aws_s3_bucket.example.arn, "${aws_s3_bucket.example.arn}/*"]
  }
}

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-test-bucket"
}

resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
  bucket = aws_s3_bucket.example.id
  policy = data.aws_iam_policy_document.allow_access_from_another_account.json
}

© 2024 asecurecloud. All rights reserved.