尝试使用 AWS-CDK 在 AWS IAM 中预置 IAM 用户
Trying to Provision IAM Users in AWS IAM with the AWS-CDK
我正在尝试为 IAM 用户提供 AWS-CDK。我目前在为我正在创建的用户提供临时密码时遇到问题,我正在尝试找到一种使用机密管理器的方法,因为我认为应该有更简单的方法来做到这一点。这是我下面的代码(我传递给“CisUser”的密码道具目前出错):
import cdk = require('@aws-cdk/core')
import * as logs from '@aws-cdk/aws-logs';
import s3 = require("@aws-cdk/aws-s3");
import * as cloudtrail from '@aws-cdk/aws-cloudtrail';
import cloudwatch = require('@aws-cdk/aws-cloudwatch');
import { User, Group } from "@aws-cdk/aws-iam";
import * as lambda from "@aws-cdk/aws-lambda"
import path = require('path');
import events = require("@aws-cdk/aws-events");
import * as targets from "@aws-cdk/aws-events-targets";
import { SecretValue } from '@aws-cdk/core';
export class CloudComplianceUserBaselineStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const CisUser = new User(this, 'CisUser',{
userName: 'CisUser',
password: 'testPassword12345%$',
passwordResetRequired: true,
})
const TestUser = new iam.User(this,"TestUser",{})
const adminGroup = new iam.Group(this, 'AdminGroup',{
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess")
]
})
const AuditGroup = new iam.Group(this,'AuditGroup',{
managedPolicies:[
iam.ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
]
})
AuditGroup.addUser(CisUser)
adminGroup.addUser(TestUser)
}}
提前致谢。
我认为我们应该在尝试传递密码字段时使用准确的类型
https://docs.aws.amazon.com/cdk/api/latest/docs/aws-iam-readme.html
import { SecretValue } from '@aws-cdk/core';
...
...
{
password: SecretValue.plainText('testPassword12345%$'),
}
我正在尝试为 IAM 用户提供 AWS-CDK。我目前在为我正在创建的用户提供临时密码时遇到问题,我正在尝试找到一种使用机密管理器的方法,因为我认为应该有更简单的方法来做到这一点。这是我下面的代码(我传递给“CisUser”的密码道具目前出错):
import cdk = require('@aws-cdk/core')
import * as logs from '@aws-cdk/aws-logs';
import s3 = require("@aws-cdk/aws-s3");
import * as cloudtrail from '@aws-cdk/aws-cloudtrail';
import cloudwatch = require('@aws-cdk/aws-cloudwatch');
import { User, Group } from "@aws-cdk/aws-iam";
import * as lambda from "@aws-cdk/aws-lambda"
import path = require('path');
import events = require("@aws-cdk/aws-events");
import * as targets from "@aws-cdk/aws-events-targets";
import { SecretValue } from '@aws-cdk/core';
export class CloudComplianceUserBaselineStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const CisUser = new User(this, 'CisUser',{
userName: 'CisUser',
password: 'testPassword12345%$',
passwordResetRequired: true,
})
const TestUser = new iam.User(this,"TestUser",{})
const adminGroup = new iam.Group(this, 'AdminGroup',{
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName("AdministratorAccess")
]
})
const AuditGroup = new iam.Group(this,'AuditGroup',{
managedPolicies:[
iam.ManagedPolicy.fromAwsManagedPolicyName("ReadOnlyAccess")
]
})
AuditGroup.addUser(CisUser)
adminGroup.addUser(TestUser)
}}
提前致谢。
我认为我们应该在尝试传递密码字段时使用准确的类型
https://docs.aws.amazon.com/cdk/api/latest/docs/aws-iam-readme.html
import { SecretValue } from '@aws-cdk/core';
...
...
{
password: SecretValue.plainText('testPassword12345%$'),
}