如何将 AWS CDK 中的 'any' 传递给存储桶策略
How to pass 'any' in AWS CDK to a bucket policy
我正在尝试使用 AWS CDK 将拒绝删除规则应用于任何委托人。这是我的代码
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [new iam.AccountPrincipal('*')],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
它不喜欢“*”,我收到错误 Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;
如何在 CDK 中传递任何主体?
语法正确:
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [ new iam.AnyPrincipal],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
其中 iam 是 import iam = require('@aws-cdk/aws-iam');
应该是new iam.AnyPrincipal()
示例可在此处显示:https://codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497
我正在尝试使用 AWS CDK 将拒绝删除规则应用于任何委托人。这是我的代码
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [new iam.AccountPrincipal('*')],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
它不喜欢“*”,我收到错误 Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;
如何在 CDK 中传递任何主体?
语法正确:
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [ new iam.AnyPrincipal],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
其中 iam 是 import iam = require('@aws-cdk/aws-iam');
应该是new iam.AnyPrincipal()
示例可在此处显示:https://codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497