How to avoid cycle error when setting an S3 bucket policy with a template that depends on the bucket name?

You could build the ARN of the bucket yourself:

locals {
  bucket_name = "example"
  bucket_arn  = "arn:aws:s3:::${local.bucket_name}"
}

data "template_file" "bucket_policy" {
  template = file("${path.module}/policy.json")
  vars = {
    bucket = local.bucket_arn
  }
}

resource "aws_s3_bucket" "website" {
  bucket = local.bucket_name

  website {
    index_document = "index.html"
  }

  policy = data.template_file.bucket_policy.rendered
}

You can use the aws_s3_bucket_policy resource. This allows you to create the resources without a circular dependency.

This way, Terraform can:

  1. Create the bucket
  2. Create the template file, using the bucket ARN
  3. Create the policy, referring back to the template file and attaching it to the bucket.

The code would look something like this:

data "template_file" "bucket_policy" {
  template = file("${path.module}/policy.json")
  vars = {
    bucket = aws_s3_bucket.website.arn
  }
}

resource "aws_s3_bucket" "website" {
  bucket = "xxx-website"

  website {
    index_document = "index.html"
  }
}

resource "aws_s3_bucket_policy" "b" {
  bucket = "${aws_s3_bucket.website.id}"

  policy = data.template_file.bucket_policy.rendered
}

Tags:

Amazon Web Services

Terraform

Terraform Template File

Terraform Provider Aws

Recent Posts