Anyone from HashiCorp -- y'all are gonna end me. Please put the best way to do things into your own docs. You have <a href="https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html" rel="nofollow">https://www.terraform.io/docs/providers/aws/d/iam_policy_doc...</a> and can do<p><pre><code># Bucket policy rendered by the data source instead of a hand-written JSON string
data "aws_iam_policy_document" "s3_bucket" {
  version = "2012-10-17"

  statement {
    sid = "PublicReadGetObject"

    # Any principal, i.e. anonymous read access
    principals {
      type        = "*"
      identifiers = ["*"]
    }

    actions = [
      "s3:GetObject"
    ]

    # Every object in the bucket
    resources = [
      "arn:aws:s3:::${var.bucket_name}/*"
    ]
  }
}

resource "aws_s3_bucket" "s3_bucket" {
  bucket = var.bucket_name
  acl    = "public-read"
  policy = data.aws_iam_policy_document.s3_bucket.json

  website {
    index_document = "index.html"
    error_document = "error.html"
  }

  tags = var.tags
}</code></pre>
Since HN threads often attract a bit of a negative vibe, may I take the opportunity to say to any HashiCorp employees reading this that I think your products are fantastic.<p>Terraform is particularly excellent, but everything you produce is carefully designed, well built, and reliable.<p>So great job, HashiCorp. Keep it up.