Skip to content

Instantly share code, notes, and snippets.

@roylines
Created September 19, 2015 10:46
Show Gist options
  • Save roylines/f89d136b1ad0c66ee729 to your computer and use it in GitHub Desktop.
Save roylines/f89d136b1ad0c66ee729 to your computer and use it in GitHub Desktop.
IAM policy to allow storing of remote terraform state in S3
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::my.bucket",
"arn:aws:s3:::my.bucket/*"
]
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
}
]
}
@rrees
Copy link

rrees commented Sep 18, 2017

I had to add DynamoDB permissions as well to handle locks.
"Action": "dynamodb:*"
"Resource": "arn:aws:dynamodb:<region>:<account_id>:table/terraform_locks"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment