如何将 AWS CDK 中的“任何”传递给存储桶策略
[英]How to pass 'any' in AWS CDK to a bucket policy
问题描述
I am trying to apply Deny delete rule to any principal with AWS CDK.
我正在尝试使用 AWS CDK 将拒绝删除规则应用于任何委托人。 Here is my code这是我的代码
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [new iam.AccountPrincipal('*')],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
It does not like '*' and I am getting error Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;它不喜欢“*”,并且我收到错误无效的政策主体(服务:Amazon S3;状态代码:400;错误代码:MalformedPolicy;
How do I pass any principal in CDK ?我如何通过 CDK 中的任何主体?
2 个解决方案
解决方案1
2 已采纳 2020-01-05 22:14:41
should be new iam.AnyPrincipal()应该是new iam.AnyPrincipal()
examples can be shown here : https://codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497示例可以在这里显示: https : //codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497
解决方案2
1 2020-01-05 21:04:35
So correct syntax:所以正确的语法:
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [ new iam.AnyPrincipal],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
where iam is import iam = require('@aws-cdk/aws-iam');其中 iam 是 import iam = require('@aws-cdk/aws-iam');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.