@wkalt
Created September 15, 2018 18:39
# Configures the AWS provider with us-west-2 as its region.
provider "aws" {
  region = "us-west-2"
}
# IAM user referenced by bucket_owner_policy_attachment further down.
resource "aws_iam_user" "bucket_owner" {
  name = "bucket_owner"
}
# IAM user referenced by bucket_reader_policy_attachment further down.
resource "aws_iam_user" "bucket_reader" {
  name = "bucket_reader"
}
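# Bucket that both policy documents in this configuration are scoped to.
resource "aws_s3_bucket" "bucket" {
  # S3 bucket names may contain only lowercase letters, digits, hyphens and
  # periods, so the original "test_bucket" (underscore) is rejected at
  # creation time. Bucket names are also globally unique: treat this value
  # as a placeholder and substitute your own.
  bucket = "test-bucket"

  # Canned ACL: the owning account gets full control and no one else is
  # granted access through ACLs.
  acl = "private"
}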
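# Policy document for the bucket owner: list the bucket and read/write the
# objects inside it.
data "aws_iam_policy_document" "bucket_owner_policy_doc" {
  # s3:ListBucket is a bucket-level action, evaluated against the bucket ARN.
  statement {
    sid = "1"

    actions = [
      "s3:ListBucket",
    ]

    resources = [
      "${aws_s3_bucket.bucket.arn}",
    ]
  }

  # s3:PutObject and s3:GetObject are object-level actions. They are evaluated
  # against object ARNs (bucket ARN followed by "/<key>"), so listing only the
  # bare bucket ARN, as the original single statement did, grants neither of
  # them. Keeping them in their own statement also keeps each action paired
  # with the narrowest resource it needs.
  statement {
    sid = "2"

    actions = [
      "s3:PutObject",
      "s3:GetObject",
    ]

    resources = [
      "${aws_s3_bucket.bucket.arn}/*",
    ]
  }
}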
# Policy document for the reader: a single statement allowing s3:ListBucket
# on the bucket ARN.
# NOTE(review): no s3:GetObject is granted here, so a principal holding only
# this policy can enumerate keys but cannot fetch object contents. Confirm
# that list-only access is what "reader" is meant to have.
data "aws_iam_policy_document" "bucket_reader_policy_doc" {
  statement {
    sid       = "1"
    actions   = ["s3:ListBucket"]
    resources = ["${aws_s3_bucket.bucket.arn}"]
  }
}
# Managed IAM policy whose body is the rendered JSON of bucket_owner_policy_doc.
resource "aws_iam_policy" "bucket_owner_policy" {
  name   = "bucket-owner-policy"
  policy = "${data.aws_iam_policy_document.bucket_owner_policy_doc.json}"
}
# Managed IAM policy whose body is the rendered JSON of bucket_reader_policy_doc.
resource "aws_iam_policy" "bucket_reader_policy" {
  name   = "bucket-reader-policy"
  policy = "${data.aws_iam_policy_document.bucket_reader_policy_doc.json}"
}
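# Attaches bucket_owner_policy to the bucket_owner user.
#
# aws_iam_policy_attachment manages the attachment exclusively: on apply it
# detaches this policy from any user, group or role in the account that is
# not listed here. aws_iam_user_policy_attachment is the non-exclusive
# alternative if the policy may also be attached outside this configuration.
resource "aws_iam_policy_attachment" "bucket_owner_policy_attachment" {
  name = "bucket-owner-policy-attachment"

  # `users` takes IAM user names, not ARNs; the original passed the ARN.
  users = ["${aws_iam_user.bucket_owner.name}"]

  policy_arn = "${aws_iam_policy.bucket_owner_policy.arn}"
}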
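# Attaches bucket_reader_policy to the bucket_reader user.
#
# aws_iam_policy_attachment manages the attachment exclusively: on apply it
# detaches this policy from any user, group or role in the account that is
# not listed here. aws_iam_user_policy_attachment is the non-exclusive
# alternative if the policy may also be attached outside this configuration.
resource "aws_iam_policy_attachment" "bucket_reader_policy_attachment" {
  name = "bucket-reader-policy-attachment"

  # `users` takes IAM user names, not ARNs; the original passed the ARN.
  users = ["${aws_iam_user.bucket_reader.name}"]

  policy_arn = "${aws_iam_policy.bucket_reader_policy.arn}"
}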