Terraform plan shows changes for CanonicalUser that are already applied

Time:09-09

I have an IAM policy to allow my CloudFront to read and list objects in my S3 bucket specified as follows:

[...]

    Effect = "Allow"
    Principal = {
      "CanonicalUser" : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    }
    Action : [
      "s3:GetObject",
      "s3:ListBucket"
    ],

[...]

With this already applied, any time I run terraform plan again, changes appear with regard to that Principal / CanonicalUser, which is pretty inconvenient as it blurs the rest of the output.

Any solution to that?

CodePudding user response:

I managed to solve it by replacing the CanonicalUser in the Terraform configuration with an AWS type identifier.

So my policy above will instead be:

Principal = {
    "AWS" : "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXX"
}

With this, the plan shows no changes when nothing has changed.
