yandex_storage_bucket_policy (Resource)
Статья создана
Обновлена 26 сентября 2025 г.
Allows management of policy of an existing Yandex Cloud Storage Bucket.
Важно
By default, for authentication, you need to use IAM token with the necessary permissions.
Важно
Alternatively, you can provide static access keys (Access and Secret). To generate these keys, you will need a Service Account with the appropriate permissions.
Важно
"Version" element is required and must be set to 2012-10-17.
Example usage
provider "yandex" {
cloud_id = "<my_cloud_id>"
folder_id = "<my_folder_id>"
storage_access_key = "<my_storage_access_key>"
storage_secret_key = "<my_storage_secret_key>"
token = "<my_iam_token>"
}
resource "yandex_storage_bucket_policy" "my_policy_0" {
bucket = "my_bucket_name_0"
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::my-policy-bucket/*",
"arn:aws:s3:::my-policy-bucket"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::my-policy-bucket/*",
"arn:aws:s3:::my-policy-bucket"
]
}
]
}
POLICY
}
Schema
Required
bucket(String) The name of the bucket.policy(String) The text of the policy.
Optional
access_key(String, Sensitive) The access key to use when applying changes. This value can also be provided asstorage_access_keyspecified in provider config (explicitly or withinshared_credentials_file) is used.secret_key(String, Sensitive) The secret key to use when applying changes. This value can also be provided asstorage_secret_keyspecified in provider config (explicitly or withinshared_credentials_file) is used.
Import
# The resource can be imported by using their resource ID.
# For getting a resource ID you can use Yandex Cloud Web UI or YC CLI.
# terraform import yandex_storage_bucket_policy.<resource_name> resource_id
terraform import yandex_storage_bucket_policy.<resource_name> ...