I want to update the trust policy of an existing IAM role using AWS CDK
I want to update the trust policy of an existing IAM role using AWS CDK. But I am not finding the exact CDK property to do it. Please help me.

Let's say the role name is my_rolename_1, with the below trust policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::12345:role/role_1"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Now I want to add another AWS account to the trust policy: arn:aws:iam::23451:role/role_2

The trust policy of the IAM role should get updated with:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::12345:role/role_1",
          "arn:aws:iam::23451:role/role_2"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
I am able to import the role using the below command:
const Existingrole = iam.Role.fromRoleArn(this, 'Role', 'arn:aws:iam::11111:role/my_rolename_1', {
  mutable: true,
});
But I couldn't find the exact property to attach/update the trust policy with the new cross-account details.

The CDK cannot modify existing, external resources. The reference returned from the fromRoleArn method is read-only.

The CDK CLI does have an actual (experimental) cdk import capability to bring existing resources into a CDK app. AWS::IAM::Role is a resource type that is supported for importing. After you import the role, you can modify it like other CDK resources. Or, instead of importing, you could simply create a new role and delete the existing role.
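
The change the question asks for, written as a pure function over the trust policy document. This is an added example, not code from the original post or from the CDK; addTrustedPrincipal and the other names are hypothetical. It produces the document the role would need to carry once it is managed (for example after cdk import), and it refuses wildcard principals so the cross-account trust stays limited to named roles.

```typescript
// Added example, not code from the original post; all names are hypothetical.
type Principal = { AWS?: string | string[]; [k: string]: unknown };
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
}
interface TrustPolicy { Version: string; Statement: Statement[] }

// A policy document may give Principal.AWS as a bare string or as an array.
const toArray = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Role or account-root ARNs only, never "*"; the page's short account ids pass.
const IAM_ARN = /^arn:aws:iam::\d+:(role\/[\w+=,.@\/-]+|root)$/;

const isAssumeAllow = (s: Statement): boolean =>
  s.Effect === "Allow" &&
  toArray(s.Action).indexOf("sts:AssumeRole") !== -1 &&
  s.Principal.AWS !== undefined;

function addTrustedPrincipal(policy: TrustPolicy, arn: string): TrustPolicy {
  if (!IAM_ARN.test(arn)) {
    throw new Error(`refusing to trust non-specific principal: ${arn}`);
  }
  if (!policy.Statement.some(isAssumeAllow)) {
    throw new Error("no Allow sts:AssumeRole statement with AWS principals");
  }
  // Append to every Allow sts:AssumeRole statement that lists AWS principals.
  const statements = policy.Statement.map((s): Statement => {
    if (!isAssumeAllow(s)) return s; // leave Deny and service statements alone
    const current = toArray(s.Principal.AWS);
    if (current.indexOf(arn) !== -1) return s; // idempotent: already trusted
    return { ...s, Principal: { ...s.Principal, AWS: current.concat(arn) } };
  });
  return { ...policy, Statement: statements };
}

// Constructed input: the trust policy shown in the question.
const existing: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Sid: "", Effect: "Allow", Action: "sts:AssumeRole",
    Principal: { AWS: ["arn:aws:iam::12345:role/role_1"] },
  }],
};
const updated = addTrustedPrincipal(existing, "arn:aws:iam::23451:role/role_2");
```

The input document is not mutated, so the before and after policies can be diffed in review before the change is deployed.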