AWS CloudFormation Substitute VPCEndPoint Policy
I want to create an S3 bucket and create an endpoint for this bucket.
I have defined the resources as follows:
```yaml
myS3Bucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName: !Sub 'my-${ENVL}-${AWS::AccountId}'
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
  DeletionPolicy: Delete
myS3VpcEndpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    PolicyDocument: '{
      "Version":"2012-10-17",
      "Statement":[{
        "Effect":"Allow",
        "Principal": "*",
        "Action":["s3:*"],
        "Resource":!Sub ["${!GetAtt myS3Bucket.Arn}/*"]
      }]
    }'
    RouteTableIds:
      - !Ref myIntRouteTable
      - !Ref myPriRouteTable
    ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
    VpcId: !Ref myVPC
```
How do I reference my S3 bucket in the policy object?
`"Resource":!Sub ["${!GetAtt myS3Bucket.Arn}/*"]` does not work.
Thanks, Pari

It was simple; I looked at the YAML again.
```yaml
PolicyDocument: !Sub
  - '{
    "Version":"2008-10-17",
    "Statement":[{
      "Effect":"Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::${s3Bucket}", "arn:aws:s3:::${s3Bucket}/*"]
    }]
    }'
  - {s3Bucket: !Sub "my-${ENVL}-${AWS::AccountId}"}
```
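
An alternative form of the endpoint policy, added here as an example and not part of the original post: `PolicyDocument` can be written as a YAML mapping instead of a quoted JSON string, so intrinsic functions inside it are evaluated and the policy is tied to the `myS3Bucket` resource itself. It assumes `myS3Bucket`, `myVPC`, `myIntRouteTable` and `myPriRouteTable` are defined in the same template, as in the question.

```yaml
# Added example (not from the original post). Fragment of the Resources
# section; myS3Bucket, myVPC and both route tables are assumed to exist
# in the same template, as in the question.
myS3VpcEndpoint:
  Type: AWS::EC2::VPCEndpoint
  Properties:
    # A YAML mapping rather than a quoted string: inside a string,
    # "!Sub" and "!GetAtt" are plain text and are never evaluated.
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal: '*'
          Action: 's3:*'
          Resource:
            # Bucket ARN, for bucket-level actions
            - !GetAtt myS3Bucket.Arn
            # Objects in the bucket; ${myS3Bucket.Arn} is the
            # GetAtt form supported inside !Sub
            - !Sub '${myS3Bucket.Arn}/*'
    RouteTableIds:
      - !Ref myIntRouteTable
      - !Ref myPriRouteTable
    ServiceName: !Sub 'com.amazonaws.${AWS::Region}.s3'
    VpcId: !Ref myVPC
```

Because the ARN comes from the bucket resource, the endpoint policy cannot drift from `BucketName` if the naming pattern changes, and CloudFormation creates the bucket before the endpoint.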