我正在尝试使用 AWS CDK 编写我的基础设施,而不是像以前那样使用控制台构建它。我正在编写我的 S3 存储桶策略,对如何提供条件感到困惑。我的目标是从 AWS 控制台重新创建此存储桶策略,该策略按预期工作:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::**********/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "*********"
}
}
}
]
}
我当前存储桶策略的 aws cdk 代码如下所示:
const bucketPolicy = new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [`${bucket.bucketArn}/*`],
principals: [new iam.Anyone()],
conditions: ...
});
提前感谢您的帮助!
我只是通过这样做解决了它:
const bucketPolicy = new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [`${bucket.bucketArn}/*`],
principals: [new iam.Anyone()],
conditions: {
'IpAddress': {
'aws:SourceIp': '***.***.***.***'
}
}
});
Small update.
iam.任何人都被弃用。使用 iam。任何校长代替
const bucketPolicy = new iam.PolicyStatement({
actions: ['s3:GetObject'],
resources: [bucket.arnForObjects('*')],
principals: [new iam.AnyPrincipal()],
conditions: {
'IpAddress': {
'aws:SourceIp': '***.***.***.***'
}
}
});