Terraform S3 Bucket Policy Not Applying Correctly with Dynamic Block Configuration
Hey everyone, I'm running into an issue that's driving me crazy. I'm experiencing an issue where my S3 bucket policy is not applying the expected permissions when I use a dynamic block to specify multiple principals. I'm using Terraform 1.3.5, and I've defined my S3 bucket along with a dynamic block to iterate over a list of principals. However, the resulting policy seems to only allow the first principal and ignores the rest. Here is the relevant snippet:

```hcl
resource "aws_s3_bucket" "my_bucket" {
  bucket = "my-unique-bucket-name"
}

# Role ARNs that should each be granted s3:GetObject on the bucket's objects.
variable "principals" {
  type    = list(string)
  default = [
    "arn:aws:iam::123456789012:role/ExampleRole1",
    "arn:aws:iam::123456789012:role/ExampleRole2",
  ]
}

resource "aws_s3_bucket_policy" "my_bucket_policy" {
  bucket = aws_s3_bucket.my_bucket.id

  # One Allow statement per principal, built from the list above.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      for principal in var.principals : {
        Effect    = "Allow"
        Principal = { "AWS" = principal }
        Action    = "s3:GetObject"
        Resource  = "${aws_s3_bucket.my_bucket.arn}/*"
      }
    ]
  })
}
```

When I apply this configuration, the policy only grants access to the first role in the list. I tried to output the generated policy by adding an output block to see what it looks like, and I noticed that the dynamic block doesn't seem to be generating the expected JSON structure.

Additionally, I've tried breaking down the dynamic block into a static one with hard-coded principals, and it works perfectly, which leads me to believe the issue is tied to how the dynamic block is processing the list.

Has anyone faced a similar issue with dynamic blocks and AWS policies in Terraform? Any insights or workarounds would be greatly appreciated! I'd really appreciate any guidance on this. How would you solve this?
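One way to check what the policy actually renders, as an added example that is not part of the original post: a small Python checker that parses a bucket policy document (for instance the JSON shown by a Terraform output of the `policy` attribute) and reports which expected principals are missing for a given action and resource. The sample policy it carries is constructed here to match the post's bucket name and role ARNs, not captured from a real account.

```python
import json

# Constructed sample: the two Allow statements the poster's configuration is
# meant to render, one per principal. Not captured from a real account.
_STATEMENTS = [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExampleRole1"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::my-unique-bucket-name/*"},
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExampleRole2"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::my-unique-bucket-name/*"},
]
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": _STATEMENTS})
# What the poster reports seeing: only the first role makes it into the policy.
SAMPLE_POLICY_FIRST_ONLY = json.dumps({"Version": "2012-10-17",
                                       "Statement": _STATEMENTS[:1]})
EXPECTED = [s["Principal"]["AWS"] for s in _STATEMENTS]

def _as_list(value):
    """IAM accepts either a string or a list in Statement, Principal, Action
    and Resource; normalise so the caller can iterate either form."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allowed_principals(policy_json, action, resource):
    """Return the AWS principals granted `action` on `resource`.
    Only Allow statements naming both the action and the resource count.
    A "*" principal is returned literally so a public grant is visible."""
    granted = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if action not in _as_list(stmt.get("Action")):
            continue
        if resource not in _as_list(stmt.get("Resource")):
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            granted.add("*")
        elif isinstance(principal, dict):
            granted.update(_as_list(principal.get("AWS")))
    return granted

def missing_principals(policy_json, expected, action, resource):
    """Principals in `expected` that the rendered policy does not grant."""
    return sorted(set(expected) - allowed_principals(policy_json, action, resource))
```

Matching is exact: wildcard actions or resources such as `s3:*` are not expanded and Deny statements are ignored, so an empty missing list confirms the principals were rendered, not that the policy is otherwise correct.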