terraform how can I find the ARN for bucket created on module

3
votes

I'm creating a bucket using a module, how can I find the ARN for that bucket?

create the module

module "testbucket" {
 source         = "github.com/tomfa/terraform-sandbox/s3-webfiles-bucket"
 aws_region     = "${var.aws_region}"
 aws_access_key = "${var.aws_access_key}"
 aws_secret_key = "${var.aws_secret_key}"
 bucket_name    = "${var.bucket_name}-test"
}

Then when I call the policy I need access to the ARN

 {
    "Sid": "accessToS3",
    "Effect": "Allow",
    "Action": [
        "s3:*"
    ],
    "Resource": [
        "${aws_s3_bucket.${var.bucket_name}.arn}",
    ]
}

I am not referencing the ARN so i get the error:

Error: resource 'aws_iam_role_policy.policy_Demo_lambda' config: unknown resource 'aws_s3_bucket.mybukk' referenced in variable aws_s3_bucket.mybukk.arn

How to access my ARN? thanks

2
amazon-web-servicesterraform

2 Answers

3
votes

Your module will need to have an outputs.tf file, looking like this:

output "bucket_arn" {
  value = "${aws_s3_bucket.RESOURCE_NAME.arn}"
}

Please note that you will have to replace RESOURCE_NAME with the name of the terraform S3 bucket resource.

For example, if your resource looks like this: resource "aws_s3_bucket" "b" {... then you will need to replace RESOURCE_NAME to b

then you can call it in your policy:

{
    "Sid": "accessToS3",
    "Effect": "Allow",
    "Action": [
        "s3:*"
    ],
    "Resource": [
        "${module.testbucket.bucket_arn}",
    ]
}
1
votes

This can be accomplished in two ways after terraform apply has been executed:

Create a file called outputs.tf in your working directory. In that file you can use one of the two methods below.

1 (if you already have a variable for this resource defined)

output "S3 Bucket Name" {
  value = "${var.bucket_name.arn}"
}

2 (if you want to call the resource directly)

output "S3 Bucket Name" {
  value = "${aws_s3_bucket.bucket_name.arn}"
}