0
votes

While creating a CloudFront distribution through the AWS console, we have an option to choose an origin access identity and also let it update the bucket policy.

I am trying to look for similar options in Terraform so that I don't have to manually manage the S3 bucket read permissions for the CloudFront origin access identity.

I have checked https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html but couldn't find any reference to such an option.

Please let me know if I missed checking something on the page.


1 Answers

1
votes

I don't think you missed anything on that page. But, you also need to look at this page:
https://www.terraform.io/docs/providers/aws/r/s3_bucket.html .
This page covers more detail on setting up S3 buckets. Note the policy line in the Static Website Hosting section. You can add a line like

policy = "${file("policy.json")}"

and then you can write whatever policy you need into the policy.json file, which then will be included and thereby allow you to avoid needing to manually configure permissions in the console.
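
As an added example (not part of the answer above), the bucket policy can also be generated inside Terraform rather than kept in a separate policy.json, so the origin access identity's ARN never has to be copied by hand. It assumes Terraform 0.12+ syntax and the AWS provider; the bucket name and the resource labels (`site`, `site_read`) are placeholders.

```hcl
# Added example: bucket name and resource labels are placeholders.
resource "aws_s3_bucket" "site" {
  bucket = "example-site-bucket"
}

# The identity CloudFront presents when it fetches objects from the bucket.
resource "aws_cloudfront_origin_access_identity" "site" {
  comment = "OAI for example-site-bucket"
}

# Read-only policy scoped to that one identity. Nothing is granted to
# anonymous principals, so objects stay unreachable via the S3 endpoint.
data "aws_iam_policy_document" "site_read" {
  statement {
    sid       = "AllowCloudFrontOAIRead"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = [aws_cloudfront_origin_access_identity.site.iam_arn]
    }
  }
}

# Attach the generated policy; this replaces the console's
# "update bucket policy" step.
resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.site_read.json
}

# In the aws_cloudfront_distribution origin block, reference the same identity:
#   s3_origin_config {
#     origin_access_identity = aws_cloudfront_origin_access_identity.site.cloudfront_access_identity_path
#   }
```

Because the policy names only `s3:GetObject` on object keys, the identity cannot list the bucket or write to it.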