【发布时间】:2020-01-05 19:29:37
【问题描述】:
我正在尝试使用 AWS CDK 将拒绝删除规则应用于任何委托人。这是我的代码
flowlogBucket.addToResourcePolicy(new iam.PolicyStatement({
effect: iam.Effect.DENY,
actions: ["s3:DeleteBucket"],
principals: [new iam.AccountPrincipal('*')],
resources: ["arn:aws:s3:::" + flowlogBucket.bucketName]
}));
它不喜欢“*”,我收到错误 Invalid principal in policy (Service: Amazon S3; Status Code: 400; Error Code: MalformedPolicy;
如何在 CDK 中传递任何主体?
【问题讨论】:
标签: amazon-web-services aws-cdk