如何将 AWS CDK 中的 'any' 传递给存储桶策略

How to pass 'any' in AWS CDK to a bucket policy

我正在尝试使用 AWS CDK 将拒绝删除规则应用于任何委托人。这是我的代码

flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
      effect: iam.Effect.DENY,
      actions: ["s3:DeleteBucket"],
      principals: [new iam.AccountPrincipal('*')],
      resources:  ["arn:aws:s3:::" + flowlogBucket.bucketName]                          
        }));

它不喜欢“*”,我收到错误 Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;

如何在 CDK 中传递任何主体?

语法正确:

flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
      effect: iam.Effect.DENY,
      actions: ["s3:DeleteBucket"],
      principals: [ new iam.AnyPrincipal],
      resources:  ["arn:aws:s3:::" + flowlogBucket.bucketName]                          
        }));

其中 iam 是 import iam = require('@aws-cdk/aws-iam');

应该是new iam.AnyPrincipal()

示例可在此处显示:https://codeburst.io/getting-hands-dirty-with-aws-cdk-async-api-c5e007468497