Allow s3:DeleteObject on tf state bucket (#10)

Otherwise we cannot delete a terraform workspace. As it is a versioned bucket and the iam policy doesn't give s3:DeleteObjectVersion permissions, all deleted state files will remain in the bucket as old versions.

Allow s3:DeleteObject on tf state bucket (#10)
bf29d04e · iuri aranda · GitHub · ff93e0a5 · bf29d04e
Unverified Commit bf29d04e authored 6 years ago by iuri aranda Committed by GitHub 6 years ago
--- a/s3/iam_policy.tf
+++ b/s3/iam_policy.tf
@@ -11,6 +11,7 @@ data "aws_iam_policy_document" "tf" {
    actions = [
      "s3:GetObject",
      "s3:PutObject",
+      "s3:DeleteObject",
    ]

    resources = ["${aws_s3_bucket.state.arn}/*"]