I am trying to apply a Deny delete rule to any principal with AWS CDK. Here is my code:
    flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
        effect: iam.Effect.DENY,
        actions: ["s3:DeleteBucket"],
        principals: [new iam.AccountPrincipal('*')],
        resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
    }));
It does not like '*' and I am getting the error: Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;
How do I pass any principal in CDK?
It should be new iam.AnyPrincipal().
Examples are shown here: https://codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497
So the correct syntax is:
    flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
        effect: iam.Effect.DENY,
        actions: ["s3:DeleteBucket"],
        principals: [new iam.AnyPrincipal()],
        resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
    }));
where iam is import iam = require('@aws-cdk/aws-iam');
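A pre-deploy check for the failure discussed in this thread, as an added example that is not from the original posts: IAM accepts `*` as a principal only when it is the whole value, so a wildcard inside an ARN is rejected. The function name, the sample statements and the bucket name are constructed, and `arn:aws:iam::*:root` is assumed to be the value that `AccountPrincipal('*')` renders.

```typescript
// Shapes of a policy statement as it appears in the synthesized template.
type PrincipalValue = string | string[];
type Principal = "*" | { [kind: string]: PrincipalValue };
interface Statement {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Principal?: Principal;
  Resource: string | string[];
}

// Returns every principal value that embeds a wildcard inside a longer
// string. "*" on its own means "anyone" and is valid; IAM does not
// pattern-match inside an account ID or ARN used as a principal.
function invalidPrincipals(stmt: Statement): string[] {
  const p = stmt.Principal;
  if (p === undefined || p === "*") return [];
  const bad: string[] = [];
  for (const kind of Object.keys(p)) {
    const value = p[kind];
    const values = Array.isArray(value) ? value : [value];
    for (const v of values) {
      if (v !== "*" && v.indexOf("*") !== -1) bad.push(kind + ": " + v);
    }
  }
  return bad;
}

// Constructed sample: assumed rendering of AccountPrincipal('*').
const rejected: Statement = {
  Effect: "Deny",
  Action: "s3:DeleteBucket",
  Principal: { AWS: "arn:aws:iam::*:root" },
  Resource: "arn:aws:s3:::example-flowlog-bucket", // placeholder bucket
};

// Constructed sample: the any-principal form the answer switches to.
const accepted: Statement = {
  Effect: "Deny",
  Action: "s3:DeleteBucket",
  Principal: { AWS: "*" },
  Resource: "arn:aws:s3:::example-flowlog-bucket", // placeholder bucket
};

console.log(invalidPrincipals(rejected), invalidPrincipals(accepted));
```

Running this over each statement of a synthesized bucket policy catches the malformed principal before S3 returns the 400.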