AWS CDK IAM Typescript:遍历要分配的自定义策略数组
[英]AWS CDK IAM Typescript: iterating over an array of custom policies to assign
问题描述
I'm trying to map over a list of policies when creating IAM users in CDK (Typescript).
在 CDK(Typescript)中创建 IAM 用户时,我正在尝试通过策略列表 map。 The list looks like this:该列表如下所示:
name: "group",
managedPolicies: [
"IAMUserChangePassword",
"job-function/SystemAdministrator",
],
customPolicies: [
"ManageMFACustomPolicy",
],
then the groups are added by然后通过添加组
props.groups.forEach((group) => {
const iamGroup = new iam.Group(scope, group.name, {
groupName: group.name,
managedPolicies: group.managedPolicies?.map(iam.ManagedPolicy.fromAwsManagedPolicyName),
customPolicies: group.customPolicies?.map(iam.fromManagedPolicyName.managedPolicyName),
});
My issue is that custom policies are treated differently than managed policies.我的问题是自定义策略的处理方式与托管策略不同。 The managed policies mapping works.托管策略映射有效。 The custom policy does not.自定义策略没有。 I know that the policy itself works if I explicitly assign it.我知道如果我明确分配它,该政策本身就会起作用。
This is the error I get这是我得到的错误
Argument of type '{ groupName: string; managedPolicies: iam.IManagedPolicy[]; customPolicies: unknown[]; }' is not assignable to parameter of type 'GroupProps'.
Object literal may only specify known properties, and 'customPolicies' does not exist in type 'GroupProps'.
customPolicies: group.customPolicies?.map(iam.fromManagedPolicyName.managedPolicyName),
I realize now from the group construct docs that I was trying to use a nonexistent prop.我现在从组构造文档中意识到我正在尝试使用不存在的道具。 Is there another method I should try to enumerate and add the array of custom policies?我应该尝试枚举并添加自定义策略数组吗? I'm just getting started with the CDK so I'm probably missing it in the docs.我刚刚开始使用 CDK,所以我可能在文档中遗漏了它。 TIA!蒂亚!
UPDATE ----更新 - -
I just wanted to update this, my idea about switching the type to managedpolicy doesn't work because they have to be ref'd via ARN so you get我只是想更新这个,我关于将类型切换为 managedpolicy 的想法不起作用,因为它们必须通过 ARN 进行引用,所以你得到
Policy arn:aws:iam::aws:policy/ManageMFA does not exist or is not attachable. (Service: AmazonIdentityManagement; Status Code: 404; Error Code: NoSuchEntity; R equest ID: fc8ae611-74bc-4e46-8f94-f2d3b5dff0cc; Proxy: null)
Jason's answer about inlinepolicy is correct杰森关于 inlinepolicy 的回答是正确的
1 个解决方案
解决方案1
1 已采纳 2021-04-02 19:22:25
There isn't a customPolicies attribute on IAM Group Props . IAM Group Props上没有customPolicies属性。 Are you just trying to attach a named inline policy?你只是想附加一个命名的内联策略吗? For that you'd need to create the group and then call attachInlinePolicy .为此,您需要创建组,然后调用attachInlinePolicy 。 That call requires a full policy though, not just a name.但是,该调用需要完整的策略,而不仅仅是名称。
If you are just trying to attach a named policy that you created (aka Customer Managed Policy) it would be the same as an AWS managed policy, so it goes in the same list as the others.如果您只是尝试附加您创建的命名策略(也称为客户托管策略),它将与 AWS 托管策略相同,因此它与其他策略位于相同的列表中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.