# Look up each bucket named in var.buckets. The buckets are only read here
# (data source), not created; the lookup result is keyed by bucket name so
# other blocks can reference data.aws_s3_bucket.bucket["<name>"].
data "aws_s3_bucket" "bucket" {
  # toset() de-duplicates the names and makes the list usable with for_each.
  for_each = toset(var.buckets)
  bucket   = each.value
}
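# Attach a bucket policy to every bucket in var.buckets that lets the
# CloudFront service principal read objects, but only on behalf of the one
# distribution paired with that bucket.
#
# NOTE(review): aws_s3_bucket_policy sets the bucket's entire policy document.
# The buckets are looked up via a data source, so they are presumably managed
# elsewhere; confirm no other policy statements on them are expected to survive.
#
# NOTE(review): aws_cloudfront_distribution.distribution is defined outside
# this block and must be keyed by the same bucket names for the
# [each.value] lookup to resolve.
resource "aws_s3_bucket_policy" "policy" {
  for_each = toset(var.buckets)

  bucket = data.aws_s3_bucket.bucket[each.value].id

  policy = jsonencode({
    "Version" = "2008-10-17"
    "Id"      = "PolicyForCloudFrontPrivateContent"
    "Statement" = [
      {
        "Sid"    = "AllowCloudFrontServicePrincipal"
        "Effect" = "Allow"
        "Principal" = {
          "Service" = "cloudfront.amazonaws.com"
        }
        # Read-only: object fetches only, no listing or writes.
        "Action"   = "s3:GetObject"
        "Resource" = "${data.aws_s3_bucket.bucket[each.value].arn}/*"
        # The service principal is shared by every CloudFront customer, so the
        # SourceArn condition is what restricts access to this distribution.
        # It must stay an exact match (StringEquals, no wildcard).
        "Condition" = {
          "StringEquals" = {
            # Use the distribution's own ARN instead of assembling one around a
            # literal account ID, so the condition follows the account and
            # partition the distribution is actually created in.
            "AWS:SourceArn" = aws_cloudfront_distribution.distribution[each.value].arn
          }
        }
      }
    ]
  })
}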