Reputation: 1493
I have managed to make my Terraform loop through all of my buckets, creating an IAM user and a bucket:
resource "aws_s3_bucket" "aws_s3_buckets" {
  count  = "${length(var.s3_bucket_name)}"
  bucket = "${var.s3_bucket_name[count.index]}"
  acl    = "private"
  tags = {
    Name        = "${var.s3_bucket_name[count.index]}"
    Environment = "live"
    policy = <<POLICY
{
  "Id": "Policy1574607242703",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1574607238413",
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": {
        "arn:aws:s3:::"."${var.s3_bucket_name[count.index]}"."/*"}
      },
      "Principal": {
        "AWS": [
          "${var.s3_bucket_name[count.index]}"}
        ]}
    }
  ]
}
POLICY
  }
}
I'm getting: error setting S3 bucket tags: InvalidTag: The TagValue you have provided is invalid status code: 400. Is there a way to create policies like this? Or have I done something incorrect in my code?
Upvotes: 0
Views: 5473
Reputation: 199
Issue is here in the tags section.
tags = {
  Name        = "${var.s3_bucket_name[count.index]}"
  Environment = "live"
}
The Value for Name tag should be ${var.s3_bucket_name.aws_s3_buckets[count.index]}
Upvotes: 0
Reputation: 7356
The error is because policy section is not part of tag argument. It is a separate section within the aws_s3_bucket resource. You can also use aws_s3_bucket_policy resource to create bucket policy.
Note: There are quite a few issues with the policy. You would have to fix them for the policy to go through fine. Some of the issues are:
"arn:aws:s3:::"."${var.s3_bucket_name[count.index]}"."/*"}
-- this should not be inside a JSON.
Upvotes: 1
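A sketch of the layout the last answer describes, added here as an example and not code from the question or either answer: the policy is moved out of `tags` into a separate `aws_s3_bucket_policy` resource and built with `jsonencode` so the JSON is always valid. The `aws_iam_user` resource, the resource names `bucket_users` and `put_only`, and the `Sid` are assumptions; the question does not show how its IAM users are declared.

```hcl
variable "s3_bucket_name" {
  type = list(string)
}

# Assumption: one IAM user per bucket, named after the bucket.
resource "aws_iam_user" "bucket_users" {
  count = length(var.s3_bucket_name)
  name  = var.s3_bucket_name[count.index]
}

resource "aws_s3_bucket" "aws_s3_buckets" {
  count  = length(var.s3_bucket_name)
  bucket = var.s3_bucket_name[count.index]

  # Tags hold only short string values; the policy does not belong here.
  tags = {
    Name        = var.s3_bucket_name[count.index]
    Environment = "live"
  }
}

# One policy per bucket, scoped to that bucket's objects and that bucket's user.
resource "aws_s3_bucket_policy" "put_only" {
  count  = length(var.s3_bucket_name)
  bucket = aws_s3_bucket.aws_s3_buckets[count.index].id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid    = "AllowPutFromBucketUser"
      Effect = "Allow"
      Action = ["s3:PutObject"]
      # The principal must be an ARN (user, role or account), not a bucket name.
      Principal = { AWS = aws_iam_user.bucket_users[count.index].arn }
      # Resource is a single ARN string; "/*" limits the grant to objects in this bucket.
      Resource = "${aws_s3_bucket.aws_s3_buckets[count.index].arn}/*"
    }]
  })
}
```

Running `terraform validate` and reviewing the rendered policy in `terraform plan` confirms that each statement names exactly one bucket and one principal before anything is applied.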