4/14/2023 6:35:50 PM

It sometimes feels like Hashicorp/Terraform wants you to go fuckin insane trying to figure out what permissions are needed to create resources in AWS (they just want you to pay maybe???). For S3, you can give your Terraform user the "s3:*" permission or you can use the permission set below. This worked for me doing basic create/update operations. Hopefully it helps you not lose your fuckin mind trying to update an S3 bucket when you don't realize you need a bunch of random permissions to do so.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetLifecycleConfiguration",
        "s3:GetBucketTagging",
        "s3:GetBucketLogging",
        "s3:CreateBucket",
        "s3:ListBucket",
        "s3:GetAccelerateConfiguration",
        "s3:GetBucketPolicy",
        "s3:GetBucketObjectLockConfiguration",
        "s3:GetEncryptionConfiguration",
        "s3:PutBucketTagging",
        "s3:GetBucketRequestPayment",
        "s3:PutBucketAcl",
        "s3:GetBucketOwnershipControls",
        "s3:GetBucketPublicAccessBlock",
        "s3:PutBucketPublicAccessBlock",
        "s3:GetBucketWebsite",
        "s3:PutBucketOwnershipControls",
        "s3:GetBucketVersioning",
        "s3:PutBucketCORS",
        "s3:GetBucketAcl",
        "s3:GetReplicationConfiguration",
        "s3:GetObject",
        "s3:GetBucketCORS",
        "s3:PutBucketPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-name",
        "arn:aws:s3:::my-bucket-name/*"
      ]
    }
  ]
}
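If you are going to hand Terraform a scoped policy instead of "s3:*", it is worth having a quick check that the policy really stays scoped. The script below is an added example (mine, not from the post or from Hashicorp): it parses a policy document, flags any wildcard action or unscoped resource, confirms every resource ARN points at the one bucket you expect, and splits the allowed actions into read-only ones and the ones that change bucket state (the Put/Create ones, which include PutBucketPolicy, PutBucketAcl and PutBucketPublicAccessBlock, the three that decide who can reach the bucket). The embedded policy is the one above with the bucket name as a placeholder; the function names and the read/write split by action prefix are my own assumptions, not AWS definitions.

```python
"""Lint an IAM policy meant for a Terraform user that manages one S3 bucket.

Added example, not code from the original post. Checks performed:
  * no wildcard ("*") anywhere in an allowed action
  * every Resource is an S3 ARN for exactly the expected bucket (or its objects)
  * allowed actions are split into read-only vs state-changing for review
"""
import json

# Constructed sample input: the policy from the post, bucket name is a placeholder.
POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetLifecycleConfiguration", "s3:GetBucketTagging", "s3:GetBucketLogging",
        "s3:CreateBucket", "s3:ListBucket", "s3:GetAccelerateConfiguration",
        "s3:GetBucketPolicy", "s3:GetBucketObjectLockConfiguration",
        "s3:GetEncryptionConfiguration", "s3:PutBucketTagging",
        "s3:GetBucketRequestPayment", "s3:PutBucketAcl", "s3:GetBucketOwnershipControls",
        "s3:GetBucketPublicAccessBlock", "s3:PutBucketPublicAccessBlock",
        "s3:GetBucketWebsite", "s3:PutBucketOwnershipControls", "s3:GetBucketVersioning",
        "s3:PutBucketCORS", "s3:GetBucketAcl", "s3:GetReplicationConfiguration",
        "s3:GetObject", "s3:GetBucketCORS", "s3:PutBucketPolicy"
      ],
      "Resource": ["arn:aws:s3:::my-bucket-name", "arn:aws:s3:::my-bucket-name/*"]
    }
  ]
}"""

# Assumption for this linter: actions with these prefixes change bucket state.
MUTATING_PREFIXES = ("s3:Put", "s3:Create", "s3:Delete")
S3_ARN_PREFIX = "arn:aws:s3:::"


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def bucket_from_arn(arn):
    """Return the bucket name from an S3 ARN, or None if it is not an S3 ARN."""
    if not arn.startswith(S3_ARN_PREFIX):
        return None
    # "arn:aws:s3:::bucket" or "arn:aws:s3:::bucket/key-or-wildcard"
    return arn[len(S3_ARN_PREFIX):].split("/", 1)[0]


def lint_policy(policy_text, expected_bucket):
    """Return findings plus the read/write action split for every Allow statement."""
    policy = json.loads(policy_text)
    findings = []
    read_actions, write_actions = set(), set()

    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access; skip them here
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"wildcard action: {action}")
            elif action.startswith(MUTATING_PREFIXES):
                write_actions.add(action)
            else:
                read_actions.add(action)
        for resource in _as_list(stmt.get("Resource", [])):
            bucket = bucket_from_arn(resource)
            if bucket is None or "*" in bucket:
                findings.append(f"unscoped resource: {resource}")
            elif bucket != expected_bucket:
                findings.append(f"resource for another bucket: {resource}")

    return {
        "findings": findings,
        "read": sorted(read_actions),
        "write": sorted(write_actions),
    }


if __name__ == "__main__":
    result = lint_policy(POLICY_JSON, "my-bucket-name")
    print("findings:", result["findings"] or "none")
    print("read-only actions:", len(result["read"]))
    print("state-changing actions:", result["write"])
```

Run it against your real policy and the bucket name Terraform is supposed to own; an empty findings list plus a short, recognisable write list is what you want to see before attaching the policy to the Terraform user.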