Terraform ELB S3 Resolution Problem

I ran into a problem using Terraform (v0.9.2) to add services behind an ELB (I use https://github.com/segmentio/stack/blob/master/s3-logs/main.tf ).

When I run terraform apply, I get this error:

    * module.solr.module.elb.aws_elb.main: 1 error(s) occurred:

    * aws_elb.main: Failure configuring ELB attributes: InvalidConfigurationRequest: Access Denied for bucket: my-service-logs. Please check S3bucket permission
        status code: 409, request id: xxxxxxxxxx-xxxx-xxxx-xxxxxxxxx

My service looks like this:

    module "solr" {
      source          = "github.com/segmentio/stack/service"
      name            = "${var.prefix}-${terraform.env}-solr"
      environment     = "${terraform.env}"
      image           = "123456789876.dkr.ecr.eu-west-2.amazonaws.com/my-docker-image"
      subnet_ids      = "${element(split(",", module.vpc_subnets.private_subnets_id), 3)}"
      security_groups = "${module.security.apache_solr_group}"
      port            = "8983"
      cluster         = "${module.ecs-cluster.name}"
      log_bucket      = "${module.s3_logs.id}"
      iam_role        = "${aws_iam_instance_profile.ecs.id}"
      dns_name        = ""
      zone_id         = "${var.route53_zone_id}"
    }

My s3-logs bucket looks like this:

    module "s3_logs" {
      source      = "github.com/segmentio/stack/s3-logs"
      name        = "${var.prefix}"
      environment = "${terraform.env}"
      account_id  = "123456789876"
    }

I checked in S3 and the bucket policy looks like this:

    {
      "Version": "2012-10-17",
      "Id": "log-bucket-policy",
      "Statement": [
        {
          "Sid": "log-bucket-policy",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::123456789876:root"
          },
          "Action": "s3:PutObject",
          "Resource": "arn:aws:s3:::my-service-logs/*"
        }
      ]
    }

As far as I can see, the ELB should have access to the S3 bucket for storing logs (it works in the same AWS account).

The bucket and the ELB are both in eu-west-2.

Any ideas on what could be the problem would be much appreciated.

1 answer

The docs for ELB access logs say you need to allow a specific Amazon account to write to S3, not your own account.

As such, you want something like:

    {
      "Id": "Policy1429136655940",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1429136633762",
          "Action": [
            "s3:PutObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::my-loadbalancer-logs/my-app/AWSLogs/123456789012/*",
          "Principal": {
            "AWS": [
              "652711504416"
            ]
          }
        }
      ]
    }

In Terraform you can use the aws_elb_service_account data source to look up the account that delivers the logs automatically, as in the example from the docs:

    data "aws_elb_service_account" "main" {}

    resource "aws_s3_bucket" "elb_logs" {
      bucket = "my-elb-tf-test-bucket"
      acl    = "private"

      policy = <<POLICY
    {
      "Id": "Policy",
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:PutObject"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*",
          "Principal": {
            "AWS": [
              "${data.aws_elb_service_account.main.arn}"
            ]
          }
        }
      ]
    }
    POLICY
    }

    resource "aws_elb" "bar" {
      name               = "my-foobar-terraform-elb"
      availability_zones = ["us-west-2a"]

      access_logs {
        bucket   = "${aws_s3_bucket.elb_logs.bucket}"
        interval = 5
      }

      listener {
        instance_port     = 8000
        instance_protocol = "http"
        lb_port           = 80
        lb_protocol       = "http"
      }
    }
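The answer above boils down to a policy-evaluation question: does some Allow statement in the bucket policy give the regional ELB log-delivery account s3:PutObject on the exact object key ELB will write? The following script is an added example for this thread (not code from the question, the answer or the segmentio/stack module) that performs that check offline on a bucket policy JSON. It assumes the documented Classic ELB key layout `bucket[/prefix]/AWSLogs/<account>/elasticloadbalancing/<region>/yyyy/mm/dd/<file>`; the sample date and file name are constructed, only the eu-west-2 delivery account quoted in the answer is filled in, and the two policies from this thread are embedded as constructed inputs. It deliberately also runs the answer's policy without the `my-app` prefix, which shows the second way this error appears: the Resource path must match the `bucket_prefix` configured on the ELB.

```python
"""Check whether an S3 bucket policy lets the regional Classic ELB log-delivery
account write access logs. Added example for this thread, not code from the
question, the answer or the segmentio/stack module."""
import json
import re

# Classic ELB access logs are written by an AWS-owned account that differs per
# region. Only eu-west-2 (the ID quoted in the answer) is filled in; look the
# others up in the AWS docs or via the aws_elb_service_account data source.
ELB_LOG_ACCOUNTS = {
    "eu-west-2": "652711504416",
}


def _as_list(value):
    """IAM lets most elements be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _resource_regex(pattern):
    """Compile an IAM resource pattern ('*' and '?' wildcards) to a regex."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(f"^{body}$")


def _principal_account_ids(principal):
    """Reduce a Principal element to the set of 12-digit account IDs it names.
    'arn:aws:iam::<id>:root' and a bare '<id>' mean the same account."""
    if principal == "*":
        return {"*"}
    ids = set()
    for p in _as_list(principal.get("AWS", [])):
        m = re.fullmatch(r"arn:aws:iam::(\d{12}):root", p)
        ids.add(m.group(1) if m else p)
    return ids


def expected_log_object_arn(bucket, prefix, account_id, region):
    """ARN of a representative object ELB will PUT. The layout follows the
    documented key format bucket[/prefix]/AWSLogs/<account>/elasticloadbalancing/
    <region>/yyyy/mm/dd/<file>; the date and file name are constructed."""
    parts = [prefix] if prefix else []
    parts += ["AWSLogs", account_id, "elasticloadbalancing", region, "2017/04/12",
              f"{account_id}_elasticloadbalancing_{region}_my-elb_20170412T1200Z_10.0.0.1_abc123.log"]
    return f"arn:aws:s3:::{bucket}/" + "/".join(parts)


def check_elb_log_policy(policy_json, bucket, account_id, region, prefix=""):
    """Return (ok, reasons). ok is True when at least one Allow statement gives
    the regional ELB delivery account s3:PutObject on the object ELB will write.
    Deny statements are not evaluated here."""
    policy = json.loads(policy_json)
    delivery_account = ELB_LOG_ACCOUNTS[region]
    target = expected_log_object_arn(bucket, prefix, account_id, region)
    reasons = []
    for stmt in _as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("s3:PutObject", "s3:*", "*") for a in actions):
            reasons.append(f"{sid}: does not allow s3:PutObject")
            continue
        principals = _principal_account_ids(stmt.get("Principal", {}))
        if delivery_account not in principals and "*" not in principals:
            reasons.append(f"{sid}: principal {sorted(principals)} is not the "
                           f"{region} ELB log-delivery account {delivery_account}")
            continue
        resources = _as_list(stmt.get("Resource", []))
        if not any(_resource_regex(r).match(target) for r in resources):
            reasons.append(f"{sid}: Resource {resources} does not cover {target}")
            continue
        return True, [f"{sid}: grants {delivery_account} s3:PutObject on {target}"]
    return False, reasons or ["no Allow statement found"]


# Constructed inputs: the bucket policy from the question and the one from
# the answer, as JSON strings the way the S3 console shows them.
QUESTION_POLICY = json.dumps({
    "Version": "2012-10-17", "Id": "log-bucket-policy",
    "Statement": [{"Sid": "log-bucket-policy", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789876:root"},
                   "Action": "s3:PutObject",
                   "Resource": "arn:aws:s3:::my-service-logs/*"}]})
ANSWER_POLICY = json.dumps({
    "Id": "Policy1429136655940", "Version": "2012-10-17",
    "Statement": [{"Sid": "Stmt1429136633762", "Action": ["s3:PutObject"],
                   "Effect": "Allow",
                   "Resource": "arn:aws:s3:::my-loadbalancer-logs/my-app/AWSLogs/123456789012/*",
                   "Principal": {"AWS": ["652711504416"]}}]})

if __name__ == "__main__":
    for label, policy, bucket, acct, prefix in [
        ("question", QUESTION_POLICY, "my-service-logs", "123456789876", ""),
        ("answer", ANSWER_POLICY, "my-loadbalancer-logs", "123456789012", "my-app"),
        ("answer, prefix omitted", ANSWER_POLICY, "my-loadbalancer-logs", "123456789012", ""),
    ]:
        ok, reasons = check_elb_log_policy(policy, bucket, acct, "eu-west-2", prefix)
        print(f"{label}: {'OK' if ok else 'FAIL'}\n  " + "\n  ".join(reasons))
```

The question's policy fails on the principal check (it grants the customer's own root account, which is exactly what the answer points out), the answer's policy passes when the `my-app` prefix is configured on the ELB, and the same policy fails on the Resource check when the prefix is left off. The checker only looks at Allow statements and does not model Deny, conditions or bucket ACLs, so treat a pass as necessary rather than sufficient.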

Source: https://habr.com/ru/post/1266635/
