Create main.tf

s3_terraform/main.tf

@@ -0,0 +1,49 @@
+# main.tf
+resource "aws_s3_bucket" "example" {
+  bucket = "my-tf-example-bucket"
+    tags = {
+      Name        = "MyS3Bucket"
+      Environment = "Production"
+    }
+}
+resource "aws_s3_bucket_acl" "example" {
+  bucket = aws_s3_bucket.example.id
+  acl    = "private"
+}
+resource "aws_s3_bucket" "log_bucket" {
+  bucket = "my-tf-log-bucket"
+    tags = {
+      Name        = "MyLogBucket"
+      Environment = "Production"
+    }
+}
+resource "aws_s3_bucket_acl" "log_bucket_acl" {
+  bucket = aws_s3_bucket.log_bucket.id
+  acl    = "log-delivery-write"
+}
+resource "aws_s3_bucket_logging" "example" {
+  bucket        = aws_s3_bucket.example.id
+  target_bucket = aws_s3_bucket.log_bucket.id
+  target_prefix = "log/"
+}
+
+resource "aws_s3_bucket_policy" "allow_access_from_another_account" {
+  bucket = aws_s3_bucket.example.id
+  policy = data.aws_iam_policy_document.allow_access_from_another_account.json
+}
+data "aws_iam_policy_document" "allow_access_from_another_account" {
+  statement {
+    principals {
+      type        = "AWS"
+      identifiers = ["123456789012"]
+    }
+    actions = [
+      "s3:GetObject",
+      "s3:ListBucket",
+    ]
+    resources = [
+      aws_s3_bucket.example.arn,
+      "${aws_s3_bucket.example.arn}/*",
+    ]
+  }
+}