refined-terabyte-65361
08/18/2021, 5:47 PM
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
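// Central bucket that receives access logs. The physical name is set explicitly
// so the ARNs built in the bucket policy match the real bucket.
const bucketName = "cent-serv-logs";
const accessLogsBucket = new aws.s3.Bucket(bucketName, {
  bucket: bucketName,
});

// Block every form of public access: writes are meant to come only from the
// principals named in the bucket policy, never from public ACLs or policies.
const accessBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(
  "accessBucketPublicAccessBlock",
  {
    bucket: accessLogsBucket.id,
    blockPublicAcls: true,
    blockPublicPolicy: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
  }
);

// Both the public access block and the bucket policy are configuration writes
// against the same bucket. With no dependency between them Pulumi may issue
// them concurrently, which is the most likely cause of S3 answering
// "OperationAborted: A conflicting conditional operation is currently in
// progress" (409). Ordering the policy after the access block serializes them.
const accessbucketPolicy = new aws.s3.BucketPolicy(
  `central-server-access-logs-policy`,
  {
    bucket: accessLogsBucket.bucket,
    // `bucket` is an Output<string>; the policy JSON is built once it resolves.
    policy: accessLogsBucket.bucket.apply(accessLogsBucketPolicy),
  },
  { dependsOn: [accessBucketPublicAccessBlock] }
);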
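/**
 * Builds the JSON bucket policy for the access-logs bucket.
 *
 * The document has three Allow statements:
 *  - `s3:PutObject` on every object for one AWS account principal,
 *  - `s3:PutObject` on every object for the log delivery service, only when the
 *    object is uploaded with the `bucket-owner-full-control` ACL,
 *  - `s3:GetBucketAcl` on the bucket itself for the log delivery service.
 *
 * @param bucketName - Physical S3 bucket name, interpolated into the resource ARNs.
 * @returns The policy document serialized as a JSON string.
 */
function accessLogsBucketPolicy(bucketName: string): string {
  // A service principal is the bare service host name. The chat-formatted link
  // form "<http://host|host>" is not a principal and would not be accepted.
  const logDeliveryService = "delivery.logs.amazonaws.com";
  const bucketArn = `arn:aws:s3:::${bucketName}`;
  const allObjectsArn = `${bucketArn}/*`;

  return JSON.stringify({
    Version: "2012-10-17",
    Id: "AWSConsole-AccessLogs-Policy-16287xxxx",
    Statement: [
      {
        Sid: "AWSConsoleStmt-16xxxx",
        Effect: "Allow",
        Principal: {
          // The account ID is redacted in this listing; a real policy needs the
          // full 12-digit ID. NOTE(review): presumably the account that delivers
          // the access logs; confirm it is the intended writer, since this
          // statement lets it put objects under any key.
          AWS: "arn:aws:iam::79787xxx:root",
        },
        Action: "s3:PutObject",
        // NOTE(review): "/*" covers every key in the bucket. Narrowing to the
        // log prefix actually used would limit what a writer can overwrite.
        Resource: allObjectsArn,
      },
      {
        Sid: "AWSLogDeliveryWrite",
        Effect: "Allow",
        Principal: {
          Service: logDeliveryService,
        },
        Action: "s3:PutObject",
        Resource: allObjectsArn,
        // Delivered objects must grant the bucket owner full control, otherwise
        // the owner could not read or manage logs written by the service.
        // NOTE(review): no aws:SourceAccount / aws:SourceArn condition is set,
        // so the service principal is not tied to a specific source account.
        // Consider adding one as a confused-deputy guard.
        Condition: {
          StringEquals: {
            "s3:x-amz-acl": "bucket-owner-full-control",
          },
        },
      },
      {
        Sid: "AWSLogDeliveryAclCheck",
        Effect: "Allow",
        Principal: {
          Service: logDeliveryService,
        },
        Action: "s3:GetBucketAcl",
        // Bucket-level action, so the resource is the bucket ARN without "/*".
        Resource: bucketArn,
      },
    ],
  });
}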
error:
error: 1 error occurred:
* Error putting S3 policy: OperationAborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
status code: 409,
used example from here
https://www.pulumi.com/docs/aws/s3/#create-an-aws-s3-resource-using-pulumiaws
billowy-army-68599
08/18/2021, 5:58 PM
refined-terabyte-65361
08/18/2021, 6:00 PM