
How to pass 'any' in AWS CDK to a bucket policy

I am trying to apply a Deny delete rule to any principal with AWS CDK. Here is my code:

flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
  effect: iam.Effect.DENY,
  actions: ["s3:DeleteBucket"],
  principals: [new iam.AccountPrincipal('*')],
  resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));

It does not like '*' and I am getting the error: Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;

How do I pass any principal in CDK?

It should be new iam.AnyPrincipal()

Examples can be found here: https://codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497

So the correct syntax is:

flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
  effect: iam.Effect.DENY,
  actions: ["s3:DeleteBucket"],
  principals: [new iam.AnyPrincipal()],
  resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));

where iam is imported as import iam = require('@aws-cdk/aws-iam');
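Why the first attempt fails and the second works comes down to what each principal class renders to in the bucket policy. The example below is added here and is not code from the question, the answer or the CDK project: it mirrors CDK's rendering rules (AccountPrincipal becomes an ARN of the form arn:<partition>:iam::<account>:root, AnyPrincipal becomes { "AWS": "*" }) with plain objects so it runs offline without the CDK packages, and it adds a small pre-deploy lint that flags the malformed form before S3 returns MalformedPolicy. The function and regex names are this example's own.

```typescript
// Added example, not part of the original post or of CDK itself.
// Principal shapes as they appear in a synthesized bucket-policy statement.
type PrincipalJson = string | { AWS: string };

interface StatementJson {
  Effect: "Allow" | "Deny";
  Action: string[];
  Principal: PrincipalJson;
  Resource: string[];
}

// What new iam.AccountPrincipal(accountId) renders to: an ARN principal.
// Passing '*' as the account therefore yields arn:aws:iam::*:root, which is
// not a valid principal ARN (the '*' wildcard is only accepted on its own).
function accountPrincipal(accountId: string, partition = "aws"): PrincipalJson {
  return { AWS: `arn:${partition}:iam::${accountId}:root` };
}

// What new iam.AnyPrincipal() renders to.
function anyPrincipal(): PrincipalJson {
  return { AWS: "*" };
}

// The Deny-delete statement from the post, as the plain JSON CDK would emit.
function denyDeleteBucket(bucketName: string, principal: PrincipalJson): StatementJson {
  return {
    Effect: "Deny",
    Action: ["s3:DeleteBucket"],
    Principal: principal,
    Resource: [`arn:aws:s3:::${bucketName}`],
  };
}

// Pre-deploy lint (this example's own check): an AWS principal must be "*"
// or a well-formed IAM ARN with a 12-digit account id.
const IAM_PRINCIPAL_ARN = /^arn:[a-z-]+:iam::\d{12}:(root|user\/.+|role\/.+)$/;

function principalProblems(stmt: StatementJson): string[] {
  const value = typeof stmt.Principal === "string" ? stmt.Principal : stmt.Principal.AWS;
  if (value === "*" || IAM_PRINCIPAL_ARN.test(value)) {
    return [];
  }
  return [`malformed principal: ${value}`];
}
```

Note that a Deny on s3:DeleteBucket for the "*" principal applies to every identity, including the account's own administrators and the stack's cleanup role, so the bucket policy itself has to be changed before the bucket can ever be deleted.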
