我无法在我的 cloudformation 代码中添加 "AWS": "*"
I cannot add "AWS": "*" in my cloudformation code
我有一个简单的 cloudformation,它创建一个附加了策略的存储桶。这是我的云形成代码:
---
AWSTemplateFormatVersion: '2010-09-09'
Resources:
S3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: testforcfn
DeletionPolicy: Retain
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
Id: MyPolicy
Version: '2012-10-17'
Statement:
- Sid: PublicReadForGetBucketObjects
Effect: Allow
Principal: "*"
Action: s3:GetObject
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: S3Bucket
- "/*"
Bucket:
Ref: S3Bucket
Outputs:
S3Info:
Value:
Ref: S3Bucket
一切正常,但是,在主体的存储桶策略中,我需要 "AWS":“”,而不是“”。因此,这里有更多解释是我想要的存储桶策略:
{
"Version": "2012-10-17",
"Id": "Policy1506624486110",
"Statement": [{
"Sid": "Stmt1506624421375",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testforcfn/*"
}]
}
所以这部分是我想在我的 cloudformation 代码中包含的部分:
"Principal": {
"AWS": "*"
}
当我在我的 cloudformation 中执行此操作时,出现错误:
Principal: "AWS:*"
知道如何解决这个问题吗?
我会尝试以下操作:
Principal:
AWS: "*"
你可以找到一个相关的例子here。
我有一个简单的 cloudformation,它创建一个附加了策略的存储桶。这是我的云形成代码:
---
AWSTemplateFormatVersion: '2010-09-09'
Resources:
S3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: testforcfn
DeletionPolicy: Retain
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
Id: MyPolicy
Version: '2012-10-17'
Statement:
- Sid: PublicReadForGetBucketObjects
Effect: Allow
Principal: "*"
Action: s3:GetObject
Resource:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: S3Bucket
- "/*"
Bucket:
Ref: S3Bucket
Outputs:
S3Info:
Value:
Ref: S3Bucket
一切正常,但是,在主体的存储桶策略中,我需要 "AWS":“”,而不是“”。因此,这里有更多解释是我想要的存储桶策略:
{
"Version": "2012-10-17",
"Id": "Policy1506624486110",
"Statement": [{
"Sid": "Stmt1506624421375",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::testforcfn/*"
}]
}
所以这部分是我想在我的 cloudformation 代码中包含的部分:
"Principal": {
"AWS": "*"
}
当我在我的 cloudformation 中执行此操作时,出现错误:
Principal: "AWS:*"
知道如何解决这个问题吗?
我会尝试以下操作:
Principal:
AWS: "*"
你可以找到一个相关的例子here。