Diffstat (limited to 'jinwei.me/infra/s3.tf')
-rw-r--r-- | jinwei.me/infra/s3.tf | 8 |
1 files changed, 4 insertions, 4 deletions
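--- a/jinwei.me/infra/s3.tf
+++ b/jinwei.me/infra/s3.tf
@@ -22,7 +22,7 @@ resource "aws_s3_bucket_policy" "main" {
 }
 
 data "aws_iam_policy_document" "bucket_policy" {
-# Allow Cloudflare to read from the bucket
+# Allow Cloudfront to read from the bucket
 statement {
 principals {
 type = "AWS"
@@ -37,9 +37,9 @@ data "aws_iam_policy_document" "bucket_policy" {
 "${aws_s3_bucket.main.arn}/*",
 ]
 condition {
-test = "IpAddress"
-variable = "AWS:SourceIp"
-values = data.cloudflare_ip_ranges.cloudflare.cidr_blocks
+test = "StringEquals"
+variable = "AWS:SourceArn"
+values = [aws_cloudfront_distribution.main.arn]
 }
 }
 }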
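Review bot: The statement still declares `type = "AWS"` in its principals block (line 28, context in the first hunk), while the new condition at lines 40-42 keys on `AWS:SourceArn`, which is only populated when an AWS service makes the request on behalf of a resource. The identifiers sit outside both hunks, so this is inferred, but if they are still a wildcard left over from the Cloudflare IP-allowlist setup, the principal should be narrowed to the CloudFront service with `type = "Service"` and `identifiers = ["cloudfront.amazonaws.com"]`, the pairing that origin access control expects. It is also worth confirming that the distribution uses origin access control against the S3 REST endpoint, because requests not signed by CloudFront carry no source ARN and will be denied. The `data.cloudflare_ip_ranges.cloudflare` data source looks unused after this change and can be dropped if nothing else references it.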