使用CDK创建自定义AWS IAM策略 [英] create custom AWS IAM policy using CDK

问题描述

根据文档:https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Policy.html

我可以创建自己的策略并附加到角色，但是它没有创建新策略，而是作为内联策略附加到角色.我想使用arn创建自定义策略，以便可以附加到我想要的其他角色

I could create my own policy and attach to role but it is not creating a new policy rather attached as inline policy to the role. I want to create a custom policy with an arn so that I can attach to other roles I want

我尝试过的事情

new Policy(..)
new iam.PolicyStatement()
addStatements()
attachToRole()

请让我知道如何创建自定义托管策略

Please let me know how can I create custom managed policy

推荐答案

在上一个问题中，我应该更加具体，应该说使用

I should have been more specific in the previous question and should have said to use ManagedPolicy. Here is a the solution you are looking for :

 const role = new Role(this, 'MyRole', {
   assumedBy: new ServicePrincipal('ec2.amazonaws.com'),
 });

 const policy = new ManagedPolicy(this, "MyManagedPolicy", {
   statements: [
     new PolicyStatement({
       effect: Effect.ALLOW,
       actions: ["s3:*"],
       resources: ["*"]
     })
   ],
   roles: [role]
 });

 // Either use roles property inside ManagedPolicy or use attachToRole below,
 // Both will yield the same result
 // Creates a managed policy and then attaches the policy to role

 // policy.attachToRole(role);

这篇关于使用CDK创建自定义AWS IAM策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！