AWS CDK 中 S3 存储桶策略中的白名单 IP 地址
[英]Whitelist IP Address in S3 Bucket Policy in AWS CDK
问题描述
I am trying to write my infrastructure using AWS CDK as opposed to building it with the console as I had previously.
我正在尝试使用 AWS CDK 编写我的基础设施,而不是像以前那样使用控制台构建它。 I am writing my S3 bucket policy and am confused on how to give conditions.我正在编写我的 S3 存储桶策略,并且对如何提供条件感到困惑。 My goal is to recreate this Bucket Policy from the AWS Console that works as intended:我的目标是从按预期工作的 AWS 控制台重新创建此存储桶策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::**********/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "*********"
}
}
}
]
}
My current aws cdk code for my bucket policy looks like this:我当前的存储桶策略的 aws cdk 代码如下所示:
const bucketPolicy = new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [`${bucket.bucketArn}/*`],
principals: [new iam.Anyone()],
conditions: ...
});
Thanks for your help in advance!提前感谢您的帮助!
2 个解决方案
解决方案1
2 2020-05-27 17:14:50
I just solved it by doing this:我只是通过这样做解决了它:
const bucketPolicy = new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [`${bucket.bucketArn}/*`],
principals: [new iam.Anyone()],
conditions: {
'IpAddress': {
'aws:SourceIp': '***.***.***.***'
}
}
});
解决方案2
0 2021-02-05 10:17:41
Small update.小更新。
iam.Anyone is deprecated. iam.Anyone 已被弃用。 Use iam.AnyPrincipal instead改用 iam.AnyPrincipal
const bucketPolicy = new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [bucket.arnForObjects('*')],
principals: [new iam.AnyPrincipal()],
conditions: {
'IpAddress': {
'aws:SourceIp': '***.***.***.***'
}
}
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.