
AWS CDK IAM Typescript: iterating over an array of custom policies to assign

I'm trying to map over a list of policies when creating IAM users in CDK (Typescript). The list looks like this:

  {
    name: "group",
    managedPolicies: [
      "IAMUserChangePassword",
      "job-function/SystemAdministrator",
    ],
    customPolicies: [
      "ManageMFACustomPolicy",
    ],
  },

then the groups are added by

props.groups.forEach((group) => {
  const iamGroup = new iam.Group(scope, group.name, {
    groupName: group.name,
    managedPolicies: group.managedPolicies?.map(iam.ManagedPolicy.fromAwsManagedPolicyName),
    customPolicies: group.customPolicies?.map(iam.fromManagedPolicyName.managedPolicyName),
  });
});

My issue is that custom policies are treated differently than managed policies. The managed policies mapping works. The custom policy does not. I know that the policy itself works if I explicitly assign it.

This is the error I get

Argument of type '{ groupName: string; managedPolicies: iam.IManagedPolicy[]; customPolicies: unknown[]; }' is not assignable to parameter of type 'GroupProps'.
  Object literal may only specify known properties, and 'customPolicies' does not exist in type 'GroupProps'.

  customPolicies: group.customPolicies?.map(iam.fromManagedPolicyName.managedPolicyName),

I realize now from the group construct docs that I was trying to use a nonexistent prop. Is there another method I should try to enumerate and add the array of custom policies? I'm just getting started with the CDK so I'm probably missing it in the docs. TIA!

UPDATE ----

I just wanted to update this: my idea about switching the type to ManagedPolicy doesn't work, because they have to be referenced via ARN, so you get

Policy arn:aws:iam::aws:policy/ManageMFA does not exist or is not attachable. (Service: AmazonIdentityManagement; Status Code: 404; Error Code: NoSuchEntity; Request ID: fc8ae611-74bc-4e46-8f94-f2d3b5dff0cc; Proxy: null)

Jason's answer about the inline policy is correct.

There isn't a customPolicies attribute on IAM GroupProps. Are you just trying to attach a named inline policy? For that you'd need to create the group and then call attachInlinePolicy. That call requires a full policy, though, not just a name.

If you are just trying to attach a named policy that you created (aka Customer Managed Policy) it would be the same as an AWS managed policy, so it goes in the same list as the others.
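A worked version of that answer, added here as an example and not code from the question or from Jason: both lists end up in the single `managedPolicies` array that GroupProps accepts, with AWS managed names resolved through `fromAwsManagedPolicyName` and customer managed names through `fromManagedPolicyName` (which needs a scope and a unique construct id). The `GroupSpec` type, the `PolicyLookup` interface and the `arnPreviewLookup` stub are assumptions made for this example; inside a real stack you pass `iam.ManagedPolicy` itself as the lookup.

```typescript
// Shape of one entry in the asker's group list (assumed for this example).
interface GroupSpec {
  name: string;
  managedPolicies?: string[]; // AWS managed, e.g. "IAMUserChangePassword"
  customPolicies?: string[];  // customer managed policies in your own account
}

// The two static methods of iam.ManagedPolicy this code relies on. The real
// class from aws-cdk-lib/aws-iam satisfies this interface, so in CDK code you
// call resolveGroupPolicies(this, group, iam.ManagedPolicy).
interface PolicyLookup<P> {
  fromAwsManagedPolicyName(name: string): P;
  fromManagedPolicyName(scope: unknown, id: string, name: string): P;
}

// Resolve both name lists into the one `managedPolicies` array GroupProps takes.
function resolveGroupPolicies<P>(scope: unknown, group: GroupSpec, lookup: PolicyLookup<P>): P[] {
  // AWS managed policies live under arn:aws:iam::aws:policy/ and need no scope.
  const awsManaged = (group.managedPolicies ?? []).map((name) =>
    lookup.fromAwsManagedPolicyName(name));
  // Customer managed policies are imported by name into the current account;
  // each import is a construct, so its id must be unique within the scope.
  const customManaged = (group.customPolicies ?? []).map((name) =>
    lookup.fromManagedPolicyName(scope, `${group.name}-${name}`, name));
  return [...awsManaged, ...customManaged];
}

// Stand-in lookup (constructed for this example) that only renders the ARN
// each CDK method would resolve to. It shows why the asker's update failed:
// a customer policy is account-scoped, not under the "aws" pseudo-account.
function arnPreviewLookup(account: string): PolicyLookup<string> {
  return {
    fromAwsManagedPolicyName: (name) => `arn:aws:iam::aws:policy/${name}`,
    fromManagedPolicyName: (_scope, _id, name) => `arn:aws:iam::${account}:policy/${name}`,
  };
}

// In a stack, the group is then created with the resolved list:
//   new iam.Group(this, group.name, {
//     groupName: group.name,
//     managedPolicies: resolveGroupPolicies(this, group, iam.ManagedPolicy),
//   });
// An ad-hoc inline policy would instead go through attachInlinePolicy with a
// full iam.Policy (statements included), as Jason's answer says.
```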
