aws/s3_bucket: Add support for bucket policy

[tehnorm]

It would be great to be able to manage the S3 bucket policy from terraform. This would allow a finer degree of control that is not possible from the canned ACL perspective.

Pontential Syntax:

resource "aws_s3_bucket" "b" {
    bucket = "my_tf_test_bucket"
    acl = "private"
    policy = "{
        "Version": "2012-10-17",
        "Id": "http referer policy example",
        "Statement": [
            {
                "Sid": "Allow get requests originated from developer machines",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::my_tf_test_bucket/*",
                "Condition": {
                    "StringLike": {
                        "aws:Referer": [
                            "http://*.localhost/*",
                        ]
                    }
                }
            }
        ]
    }"
}

A potential issue if the policy is a string json blob any changes to the blob would result in the bucket being torn down and recreated? Being a terraform noob I'm not sure if there is a different way to handle it?

[ketzacoatl]

+1

[phinze]

Hey there - we're consolidating Requests for AWS API Coverage over in the spreadsheet linked at #28 - head over there to record your username on what you'd like us to prioritize next! (This would be s3.PutBucketPolicy I believe.)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.