如何使用 AWS CDK 将元数据添加到 IAM 策略?
[英]How to add Metadata to IAM Policy using AWS CDK?
问题描述
I'm need to add some Metadata into Cloudformation for a IAM Policy.
我需要为 IAM 策略将一些元数据添加到 Cloudformation 中。 How can I do this with CDK ?我怎样才能用 CDK 做到这一点?
I'm using the CDK to synth a cloudformation and I need to include a metadata to suppress cfn-nag ( https://github.com/stelligent/cfn_nag ) warnings.我正在使用 CDK 来合成 cloudformation,我需要包含一个元数据来抑制 cfn-nag ( https://github.com/stelligent/cfn_nag ) 警告。
I did the policy generation with the following statement:我用以下语句生成了策略:
const cfnCustomPolicy = new iam.CfnPolicy(scope,
'cfnCustomPolicy',
{
policyName: "CustomPolicy",
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: "apigateway:GET",
Resource: [
"arn:aws:apigateway:us-east-1::/restapis/*/stages/*/exports/*"
]
}
]
}
}
);
cfnCustomPolicy.cfnOptions.metadata = {
cfn_nag: {
rules_to_suppress: [
{
id: "W12",
reason: "The lambda need access to export documents from any API"
}
]
}
}
There is a better way to do this using CDK, without using the L1 interface ?有没有使用 CDK 的更好方法来做到这一点,而不使用 L1 接口?
1 个解决方案
解决方案1
3 2020-04-04 00:53:21
Yes, that's the only way according to the documentation是的,这是根据文档的唯一方法
https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html
However, this doesn't mean you can only create the construct using CfnXXX, you could do this with CDK constructs但是,这并不意味着您只能使用 CfnXXX 创建构造,您可以使用 CDK 构造来完成此操作
cfn_policy = self.policy.node.default_child
cfn_policy.cfn_options.metadata = {
"cfn_nag": {
"rules_to_suppress": [
{"id": "W9"},
{"id": "W2"}
]
}
}
I've tried node.add_metadata but apparently it only adds internal cdk metadata我试过 node.add_metadata 但显然它只添加了内部 cdk 元数据
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.