使用CDK创建自定义AWS IAM策略 [英] create custom AWS IAM policy using CDK
本文介绍了使用CDK创建自定义AWS IAM策略的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
根据文档:https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Policy.html
我可以创建自己的策略并附加到角色,但是它没有创建新策略,而是作为内联策略附加到角色.我想使用arn创建自定义策略,以便可以附加到我想要的其他角色
I could create my own policy and attach to role but it is not creating a new policy rather attached as inline policy to the role. I want to create a custom policy with an arn so that I can attach to other roles I want
我尝试过的事情
new Policy(..)
new iam.PolicyStatement()
addStatements()
attachToRole()
请让我知道如何创建自定义托管策略
Please let me know how can I create custom managed policy
推荐答案
I should have been more specific in the previous question and should have said to use ManagedPolicy. Here is a the solution you are looking for :
const role = new Role(this, 'MyRole', {
assumedBy: new ServicePrincipal('ec2.amazonaws.com'),
});
const policy = new ManagedPolicy(this, "MyManagedPolicy", {
statements: [
new PolicyStatement({
effect: Effect.ALLOW,
actions: ["s3:*"],
resources: ["*"]
})
],
roles: [role]
});
// Either use roles property inside ManagedPolicy or use attachToRole below,
// Both will yield the same result
// Creates a managed policy and then attaches the policy to role
// policy.attachToRole(role);
这篇关于使用CDK创建自定义AWS IAM策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文