Terraform: Document the IAM permissions necessary to access the S3 backend

Created on 30 Oct 2017 · 3 Comments · Source: hashicorp/terraform

I'm creating an AWS user to automatically plan/apply from a remote environment. It would be nice to know which AWS permissions are necessary to use the S3 Backend, preferably on this page: https://www.terraform.io/docs/backends/types/s3.html

backens3 documentation

All 3 comments

I'm in the midst of trying to guess this now and it's taking quite some time. So any info or docs on this would help.

For my fellow googling people, this set of permissions seems to work:

statement {
  actions   = ["s3:*"]
  resources = ["arn:aws:s3:::<mybucket>"]
}

statement {
  actions = ["s3:GetObject", "s3:PutObject"]

  resources = [
    "arn:aws:s3:::<mybucket>/<mystatekey>",
  ]
}

More documentation would be welcome to further refine the "s3:*" rights on the bucket though.
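
A narrower alternative to the `s3:*` grant in the comment above, added here as an example (it is not part of the original thread or of the Terraform project's code). It grants only list access on the bucket and read/write on the single state object, plus the item-level DynamoDB actions used when state locking with a lock table is configured. The data source and policy names and the `<region>`, `<account-id>` and `<mylocktable>` placeholders are assumptions.

```hcl
# Added example, not from the issue thread. All <...> values are placeholders.
data "aws_iam_policy_document" "terraform_backend" {
  # Bucket-level access: listing is enough, so this replaces "s3:*"
  # on the bucket ARN.
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::<mybucket>"]
  }

  # Object-level access: read and write the one state object only.
  # Non-default workspaces store state under a different key
  # (by default prefixed with "env:/<workspace>/"), which would need
  # its own resource entry here.
  statement {
    sid       = "ReadWriteStateObject"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::<mybucket>/<mystatekey>"]
  }

  # Only needed when the backend is configured with a DynamoDB lock table.
  statement {
    sid = "StateLocking"

    actions = [
      "dynamodb:GetItem",
      "dynamodb:PutItem",
      "dynamodb:DeleteItem",
    ]

    resources = [
      "arn:aws:dynamodb:<region>:<account-id>:table/<mylocktable>",
    ]
  }
}

# Hypothetical policy name; attach it to the user or role that runs
# plan/apply.
resource "aws_iam_policy" "terraform_backend" {
  name   = "terraform-s3-backend"
  policy = data.aws_iam_policy_document.terraform_backend.json
}
```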

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
