This is an AWS IAM policy to provide restricted access to Terraform to communicate with the backend resources -AWS S3 bucket and dynamoDB table
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "VisualEditor0", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "dynamodb:PutItem", | |
| "dynamodb:DeleteItem", | |
| "dynamodb:GetItem" | |
| ], | |
| "Resource": "arn:aws:dynamodb:$(Region):$(AWSAccountNumber):table/$(BackendLockTableName)" | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": "s3:ListBucket", | |
| "Resource": "arn:aws:s3:::$(BackendBucketName)" | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:GetObject", | |
| "s3:PutObject" | |
| ], | |
| "Resource": "arn:aws:s3:::$(BackendBucketName)/$(PathToTFStateFile)" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment