Create s3bucketpolicy.tf

100daysofdevops · Feb 22, 2019 · 87e302b · 87e302b
1 parent 0fca7b6
commit 87e302b
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/s3bucketpolicy.tf b/s3bucketpolicy.tf
@@ -0,0 +1,28 @@
+provider "aws" {
+  region = "us-west-2"
+}
+resource "aws_s3_bucket_policy" "s3policy" {
+  bucket = "mytests3bucket"
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Id": "MYBUCKETPOLICY",
+  "Statement": [
+    {
+      "Sid": "IPAllow",
+      "Effect": "Allow",
+      "Principal": "*",
+       "Action": [
+        "s3:GetObject",
+        "s3:PutObject"
+      ],
+      "Resource": "arn:aws:s3:::mytests3bucket*",
+      "Condition": {
+         "IpAddress": {"aws:SourceIp": "192.168.0.2/24"}
+      }
+    }
+  ]
+}
+POLICY
+}