Reputation: 692
Is there a way to add CORS rule to Terraform aws_s3_bucket data source?
I have an existing bucket that was not created via Terraform. I'm currently setting a policy on that bucket for additional access rights. I need to add a cors_rule to the bucket, but everything I'm finding suggests that you need to create the resource in order to add the cors rule. Is there a way to add a cors_rule to an existing bucket data source?
- Adding CORS to a bucket that's being created: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#using-cors
- Documentation on the bucket data source: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket
data "aws_s3_bucket" "my_bucket" {
bucket = "my-bucket"
# This produces a failure on plan
cors_rule {
allowed_headers = ["*"]
allowed_methods = ["GET", "HEAD"]
allowed_origins = [
"https://example.my-website.com"
]
expose_headers = [
"Access-Control-Allow-Origin",
"ETag"
]
max_age_seconds = 3000
}
}
resource "aws_s3_bucket_policy" "allow_access" {
bucket = data.aws_s3_bucket.my_bucket.id
policy = data.aws_iam_policy_document.allow_access.json
}
data "aws_iam_policy_document" "allow_access" {
statement {
sid = "Access"
principals {
type = "AWS"
identifiers = ["arn:aws:iam::123456789012:user/test"]
}
actions = [
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket",
]
resources = [
data.aws_s3_bucket.my_bucket.arn,
"${data.aws_s3_bucket.my_bucket.arn}/*"
]
}
}
Upvotes: 4
Views: 6969
Answers (3)
Reputation: 1885
resource "aws_s3_bucket" "my_bucket" {
bucket = "my-bucket"
cors_rule {
allowed_headers = ["*"]
allowed_methods = ["PUT", "POST", "DELETE", "GET"]
allowed_origins = ["*"]
expose_headers = []
}
}
This works for me with version 3.7
Upvotes: 0
Reputation: 57184
You are in so much luck. Just today / yesterday version 4.0.0 of the AWS provider was released.
That new provider version refactored a lot in regards to S3 bucket handling. You now have a standalone s3_bucket_cors_configuration resource instead of CORS settings directly on the aws_s3_bucket resource. That means you can now configure the CORS settings (and many others settings) without actually having the bucket itself in your state.
resource "aws_s3_bucket_cors_configuration" "example" {
bucket = aws_s3_bucket.example.bucket
cors_rule {
allowed_headers = ["*"]
allowed_methods = ["PUT", "POST"]
allowed_origins = ["https://s3-website-test.hashicorp.com"]
expose_headers = ["ETag"]
max_age_seconds = 3000
}
cors_rule {
allowed_methods = ["GET"]
allowed_origins = ["*"]
}
}
The only caveat is that you would need to upgrade to 4.0.0 of the AWS provider with all the breaking changes that come with it.
Upvotes: 11
Reputation: 10117
You can only modify resources that are managed by terraform, not resources brought in as a data source. What you can do is create a resource for your bucket, and then import the existing bucket:
terraform import aws_s3_bucket.my_bucket my-bucket
The import command will give you a list of all properties set on the bucket. For properties you don't want to manage with terraform, use the ignore argument on the lifecycle block.
Upvotes: 1
Related Questions
- S3 CORS policy for public bucket
- How to add public permissions for S3 bucket via terraform
- How to enable CORS on AWS with terraform
- AWS S3 Bucket CORS Policy Error: No 'Access-Control-Allow-Origin' header is present on the requested resource
- Using aws_s3_bucket_cors_configuration for multiple cors_rules with terraform aws provider version 4
- How to configure CORS on AWS S3?
- Terraform how to restrict s3 objects from being public
- How can we set CORS for folders in Amazon S3 Buckets
- How to avoid S3 bucket policy conflict
- Terraform use existing policy for s3 bucket