Terraform provisioner local-exec - aws cli
Trying to use AWS cli to put-public-access-block on an s3 bucket but running into an issue and cannot work it out.
This is my code;
    resource "aws_s3_bucket" "test" {
      bucket = "blah-blah"

      versioning {
        enabled = false
      }

      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }

      tags {
        Name = "blah-blah"
      }
    }

    resource "null_resource" "s3publicpol" {
      provisioner "local-exec" {
        command = "aws s3api put-public-access-block --bucket blah-blah --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
      }
    }
When running this from terraform I am getting this message;
An error occurred (AccessDenied) when calling the PutPublicAccessBlock operation: Access Denied
But when I try and run AWS cli and run the command above myself it works perfectly fine, so I have the permissions within AWS.
Am I missing something I need to do locally for Terraform?
Cheers
Stephen
terraform aws-cli
What account are you running the terraform under? Is it your account or a different one? If it is a different one, does it have the correct permissions?
– Jamie
Nov 19 at 13:25
I am running this from an EC2 instance, with a role which assumes administrator access in another account, unless it is something to do with that? But I have manually switched roles and done this via the management GUI, the provider for AWS specifies the role in the other account - bit lost as to what is causing this
– user2086572
Nov 19 at 13:29
Your code worked for me running Terraform from my command line. I would look at the assume role.
– kenlukas
Nov 19 at 13:49
Thanks for having a look, wondering if there could be something not obvious on this like a canned ACL stopping cross account or something - I'll go back and have a look at my permissions, at least I know this should work!
– user2086572
Nov 19 at 13:52
edited Nov 19 at 13:44
kenlukas
asked Nov 19 at 13:05
user2086572
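
Following up on the assume-role suggestion in the comments, an added example (not code from any poster on this page): a `local-exec` command runs the AWS CLI with whatever credentials the machine running Terraform has, not with the role configured under the AWS provider's `assume_role`. The profile name `target-admin` and the ARN placeholders below are assumptions; the bucket reference is the `aws_s3_bucket.test` resource from the question.

```hcl
# Option 1: let the AWS provider manage the setting. The call is then made
# with the provider's credentials (including its assume_role), and the
# public access block is tracked in state instead of being a one-off command.
resource "aws_s3_bucket_public_access_block" "test" {
  bucket = "${aws_s3_bucket.test.id}"

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}

# Option 2: keep local-exec, but make the CLI assume the same role explicitly.
# Assumed AWS CLI profile in ~/.aws/config on the EC2 instance (hypothetical
# name, placeholder ARN):
#
#   [profile target-admin]
#   role_arn          = arn:aws:iam::<TARGET_ACCOUNT_ID>:role/<ROLE_NAME>
#   credential_source = Ec2InstanceMetadata
#
# The first command prints the identity the CLI is actually using, which
# shows at apply time whether the call is made as the instance role or as
# the assumed role in the other account.
resource "null_resource" "s3publicpol" {
  # Re-run the provisioner if the bucket is replaced.
  triggers = {
    bucket = "${aws_s3_bucket.test.id}"
  }

  provisioner "local-exec" {
    command = "aws sts get-caller-identity --profile target-admin && aws s3api put-public-access-block --profile target-admin --bucket ${aws_s3_bucket.test.id} --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
  }
}
```

Use one option or the other, not both; with Option 1 the `null_resource` from the question is no longer needed.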