gungoren/location_based_bucket_policy.tf

## location_based_bucket_policy.tf
resource "aws_s3_bucket_policy" "cdn-cf-policy" {
  bucket = module.origin_bucket.s3_bucket_id
  policy = data.aws_iam_policy_document.my-cdn-cf-policy.json
}

data "aws_iam_policy_document" "my-cdn-cf-policy" {
  statement {
    sid = "1"
    principals {
      type        = "AWS"
      identifiers = module.cdn.cloudfront_origin_access_identity_iam_arns
    }

    actions = [
      "s3:GetObject"
    ]

    resources = [
      "${module.origin_bucket.s3_bucket_arn}/*"
    ]
  }
}
	resource "aws_s3_bucket_policy" "cdn-cf-policy" {
	bucket = module.origin_bucket.s3_bucket_id
	policy = data.aws_iam_policy_document.my-cdn-cf-policy.json
	}

	data "aws_iam_policy_document" "my-cdn-cf-policy" {
	statement {
	sid = "1"
	principals {
	type = "AWS"
	identifiers = module.cdn.cloudfront_origin_access_identity_iam_arns
	}

	actions = [
	"s3:GetObject"
	]

	resources = [
	"${module.origin_bucket.s3_bucket_arn}/*"
	]
	}
	}