What is wrong with my code?
resource "aws_s3_bucket" "demo" {
  bucket = "demo-2441139"
  tags = {
    Description = "Demo for Terraform S3"
  }
}

resource "aws_s3_object" "demo-2024" {
  content = "/home/rajarshi/terraform/aws/s3_test.txt"
  key     = "s3_test.txt"
  bucket  = aws_s3_bucket.demo.id
}

#Manually created group, attached
data "aws_iam_group" "demo-data" {
  group_name = "Demo-group"
}

resource "aws_s3_bucket_policy" "demo-policy" {
  bucket = aws_s3_bucket.demo.id
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::${aws_s3_bucket.demo.id}/*",
      "Principal": {
        "AWS": [
          "${data.aws_iam_group.demo-data.arn}"
        ]
      }
    }
  ]
}
EOF
}
The output of my code is:
putting S3 Bucket (demo-2441139) Policy: operation error S3: PutBucketPolicy, https response error StatusCode: 400, RequestID: RXK32HRGG49G5839, HostID: leRuLnPxFnpwCwCIIsQgaqxCi2/RgXkmnnnREXSyWaA1io6FoK0UxLvnJKSmbKRTSThODZW6LPLKnQ7ck4FzqA==, api error MalformedPolicy: Invalid principal in policy
│
│ with aws_s3_bucket_policy.demo-policy,
│ on 02_create_s3.tf line 18, in resource "aws_s3_bucket_policy" "demo-policy":
│ 18: resource "aws_s3_bucket_policy" "demo-policy" {
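
As an added example (not part of the original post): `MalformedPolicy: Invalid principal in policy` is returned here because an IAM group ARN cannot be used as a `Principal` in a resource-based policy such as a bucket policy. One way to give the group access is an inline identity policy on the group, scoped to this bucket; the policy name and the action list below are assumptions.

```hcl
# Added example, not the poster's code. It reuses aws_s3_bucket.demo and
# data.aws_iam_group.demo-data from the post; the policy name and the
# action list are assumptions.

# An IAM group is not an identity that can be named in "Principal", so the
# access is granted from the IAM side instead of the bucket side.
data "aws_iam_policy_document" "demo_group_s3" {
  # Bucket-level permission: the resource is the bucket ARN itself.
  statement {
    sid       = "ListDemoBucket"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.demo.arn]
  }

  # Object-level permissions: the resource is the objects under the bucket.
  statement {
    sid       = "ReadWriteDemoObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${aws_s3_bucket.demo.arn}/*"]
  }
}

# Inline policy attached to the manually created group from the post.
resource "aws_iam_group_policy" "demo_group_s3" {
  name   = "demo-bucket-access" # hypothetical policy name
  group  = data.aws_iam_group.demo-data.group_name
  policy = data.aws_iam_policy_document.demo_group_s3.json
}
```

This replaces the `aws_s3_bucket_policy.demo-policy` resource and is sufficient when the group's users are in the same account as the bucket. Listing specific actions instead of `"Action": "*"` keeps the grant limited to what the group needs.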