Terraform provisioner local-exec - aws cli
Trying to use AWS cli to put-public-access-block on an s3 bucket but running into an issue and cannot work it out.
This is my code;
    resource "aws_s3_bucket" "test" {
      bucket = "blah-blah"
      versioning {
        enabled = false
      }
      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }
      tags {
        Name = "blah-blah"
      }
    }
    resource "null_resource" "s3publicpol" {
      provisioner "local-exec" {
        command = "aws s3api put-public-access-block --bucket blah-blah --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
      }
    }
When running this from terraform I am getting this message;
An error occurred (AccessDenied) when calling the PutPublicAccessBlock operation: Access Denied
But when I try and run AWS cli and run the command above myself it works perfectly fine, so I have the permissions within AWS.
Am I missing something I need to do locally for Terraform?
Cheers
Stephen
terraform aws-cli
What account are you running the terraform under? Is it your account or a different one? If it is a different one, does it have the correct permissions?
– Jamie
Nov 19 '18 at 13:25
I am running this from an EC2 instance, with a role which assumes administrator access in another account, unless it is something to do with that? But I have manually switched roles and done this via the management GUI, the provider for AWS specifies the role in the other account - bit lost as to what is causing this
– user2086572
Nov 19 '18 at 13:29
Your code worked for me running Terraform from my command line. I would look at the assume role.
– kenlukas
Nov 19 '18 at 13:49
Thanks for having a look, wondering if there could be something not obvious on this like a canned ACL stopping cross-account or something - I'll go back and have a look at my permissions, at least I know this should work!
– user2086572
Nov 19 '18 at 13:52
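A `local-exec` command is a subprocess of the machine running Terraform, so the AWS CLI resolves its own credentials (here the EC2 instance role) and does not inherit the provider's `assume_role`, which is where the comments above point. An added example, not code from the thread, assuming that mismatch is the cause: it prints the identity `local-exec` uses and sets the same four flags through the provider's `aws_s3_bucket_public_access_block` resource. The role ARN, region and `whoami` resource name are placeholders.

```hcl
# Added example, not the asker's configuration.
# The role ARN and region below are placeholders, not values from the thread.
provider "aws" {
  region = "eu-west-1"

  # Every resource managed by this provider is created with the assumed role.
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/PLACEHOLDER-admin-role"
  }
}

resource "aws_s3_bucket" "test" {
  bucket = "blah-blah"
}

# Diagnostic (hypothetical resource name): show which principal the AWS CLI
# resolves inside local-exec. On an EC2 instance with no profile or
# environment credentials set, this prints the instance role's ARN, not the
# role named in the provider block above. If the account in the output is
# not the bucket's account, the CLI call is the one being denied.
resource "null_resource" "whoami" {
  provisioner "local-exec" {
    command = "aws sts get-caller-identity"
  }
}

# Same four settings as the put-public-access-block command in the question,
# applied by the provider and therefore with the assumed role's permissions.
resource "aws_s3_bucket_public_access_block" "test" {
  bucket = "${aws_s3_bucket.test.id}"

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
```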
edited Nov 19 '18 at 13:44 by kenlukas
asked Nov 19 '18 at 13:05 by user2086572