Principal * gets rejected by AWS, use cloudtrail.amazonaws.com instead.

10 years ago · 96f3f76118
parent 36997b2e70
commit 96f3f76118
1 changed files with 6 additions and 2 deletions
--- a/website/source/docs/providers/aws/r/cloudtrail.html.markdown
+++ b/website/source/docs/providers/aws/r/cloudtrail.html.markdown
@ -29,14 +29,18 @@ resource "aws_s3_bucket" "foo" {
        {
            "Sid": "AWSCloudTrailAclCheck",
            "Effect": "Allow",
-            "Principal": "*",
+            "Principal": {
+              "Service": "cloudtrail.amazonaws.com"
+            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-test-trail"
        },
        {
            "Sid": "AWSCloudTrailWrite",
            "Effect": "Allow",
-            "Principal": "*",
+            "Principal": {
+              "Service": "cloudtrail.amazonaws.com"
+            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::tf-test-trail/*",
            "Condition": {