DEV Community

Discussion on: Teaching Terraform from the ground up...

Iain Samuel McLean Elder

Hi, Erick, thank you so much for this. I'd like to see more articles like this about Terraform!

Adding s3:HeadBucket alone would not have helped you because the IAM action s3:HeadBucket does not exist :-)

I analyzed the source code of the S3 bucket resource implementation, commit 798ac2f8fad69fe661373d8b4ce1d3117e78cd01.

The function resourceAwsS3BucketRead makes these function calls. They are called directly from the function body except where noted:

  • HeadBucket (also via GetBucketRegionWithClient)
  • GetBucketPolicy
  • GetBucketAcl
  • GetBucketCors
  • GetBucketWebsite
  • GetBucketVersioning
  • GetBucketLifecycleConfiguration
  • GetBucketReplication
  • GetObjectLockConfiguration (via readS3ObjectLockConfiguration)
  • GetBucketTagging (via S3BucketListTags)

Note that these are Go function names. They correspond to the S3 API methods. The corresponding IAM actions are sometimes named differently.

Most of the API methods use IAM actions with the same name, but there are exceptions:

  • HeadBucket: s3:ListBucket
  • GetBucketLifecycleConfiguration: s3:GetLifecycleConfiguration
  • GetBucketReplication: s3:GetReplicationConfiguration
  • GetBucketCors: s3:GetBucketCORS (spelling differs only in case, and IAM is insensitive)
  • GetObjectLockConfiguration: s3:GetBucketObjectLockConfiguration

You can figure out the mapping between the S3 API methods and the IAM actions from these pages in the AWS documentation.

It's a shame this information isn't in the Terraform documentation to save us having to reverse engineer it!
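The mapping in the comment above turned into a least-privilege policy, as an added example that is not part of the original comment or of the Terraform AWS provider. It grants only the bucket-level read actions that resourceAwsS3BucketRead needs, using the API-method-to-IAM-action mapping listed above; the bucket name and the policy name are assumed placeholders.

```hcl
# Added example (not from the original comment): a least-privilege IAM policy
# covering the read calls made by resourceAwsS3BucketRead, with the API methods
# whose IAM action name differs noted beside each entry.

variable "bucket_name" {
  type    = string
  default = "example-terraform-managed-bucket" # assumption: replace with the real bucket
}

data "aws_iam_policy_document" "s3_bucket_read" {
  statement {
    sid    = "ReadBucketForTerraformRefresh"
    effect = "Allow"
    actions = [
      "s3:ListBucket",                       # HeadBucket (there is no s3:HeadBucket action)
      "s3:GetBucketPolicy",                  # GetBucketPolicy
      "s3:GetBucketAcl",                     # GetBucketAcl
      "s3:GetBucketCORS",                    # GetBucketCors (action names are case-insensitive)
      "s3:GetBucketWebsite",                 # GetBucketWebsite
      "s3:GetBucketVersioning",              # GetBucketVersioning
      "s3:GetLifecycleConfiguration",        # GetBucketLifecycleConfiguration
      "s3:GetReplicationConfiguration",      # GetBucketReplication
      "s3:GetBucketObjectLockConfiguration", # GetObjectLockConfiguration
      "s3:GetBucketTagging",                 # GetBucketTagging
    ]
    # These are bucket-level actions, so the resource is the bucket ARN itself,
    # not the object ARN (bucket/*).
    resources = ["arn:aws:s3:::${var.bucket_name}"]
  }
}

resource "aws_iam_policy" "s3_bucket_read" {
  name   = "terraform-s3-bucket-read" # assumption
  policy = data.aws_iam_policy_document.s3_bucket_read.json
}
```

Attach the resulting policy to the role or user that runs terraform plan for this bucket. Note that s3:ListBucket is broader than the HeadBucket call that needs it: it also permits listing object keys in the bucket, so keeping the resource scoped to the single bucket ARN rather than a wildcard is what keeps this policy tight.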

Iain Samuel McLean Elder

I've created a new issue for the AWS provider to document these permissions so we don't have to reverse engineer them any more.
github.com/hashicorp/terraform-pro...