If you import an existing AWS Identity and Access Management (IAM) role into CDK and then try to attach a managed policy to it with CDK, you will find that Role.addManagedPolicy does not work on the imported role: the call silently has no effect.
To work around this, attach the policy to the role by calling the AWS SDK (the IAM AttachRolePolicy API) yourself. Here is example code:
import * as cdk from 'aws-cdk-lib';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as cr from 'aws-cdk-lib/custom-resources';

const app = new cdk.App();
const stack = new cdk.Stack(app, 'MyStack');

// Import the IAM role you want to attach a managed policy to
const importedRoleArn = 'arn:aws:iam::123456789012:role/MyImportedRole';
const importedRole = iam.Role.fromRoleArn(stack, 'ImportedRole', importedRoleArn);

// Create the managed policy you want to attach
const policyStatement = new iam.PolicyStatement({
  effect: iam.Effect.ALLOW,
  resources: ['*'],
  actions: ['s3:GetObject'],
});
const policyDocument = new iam.PolicyDocument({
  statements: [policyStatement],
});
// ManagedPolicyProps uses `managedPolicyName`, not `policyName`
const managedPolicy = new iam.ManagedPolicy(stack, 'MyManagedPolicy', {
  managedPolicyName: 'MyManagedPolicy',
  document: policyDocument,
});

// Attach the managed policy to the role with the IAM SDK call AttachRolePolicy.
// managedPolicy.managedPolicyArn is a CDK token that only resolves at deploy time,
// so the SDK cannot be called directly while the app is being synthesized.
// AwsCustomResource makes the call during deployment and detaches again on delete.
const attachment = new cr.AwsCustomResource(stack, 'AttachManagedPolicy', {
  onCreate: {
    service: 'IAM',
    action: 'attachRolePolicy',
    parameters: {
      RoleName: importedRole.roleName,
      PolicyArn: managedPolicy.managedPolicyArn,
    },
    physicalResourceId: cr.PhysicalResourceId.of(`${importedRole.roleName}-MyManagedPolicy`),
  },
  onDelete: {
    service: 'IAM',
    action: 'detachRolePolicy',
    parameters: {
      RoleName: importedRole.roleName,
      PolicyArn: managedPolicy.managedPolicyArn,
    },
  },
  // Grant the custom resource's Lambda only these two calls, only on this role
  policy: cr.AwsCustomResourcePolicy.fromStatements([
    new iam.PolicyStatement({
      actions: ['iam:AttachRolePolicy', 'iam:DetachRolePolicy'],
      resources: [importedRoleArn],
    }),
  ]),
});
// The policy must exist before the attach call runs
attachment.node.addDependency(managedPolicy);
With the code above, the managed policy is attached to the imported role at deploy time without relying on CDK's Role.addManagedPolicy method.
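Added example, not code from the original post: a dependency-free model of what the CDK-native alternative synthesizes. Passing the imported role in the `roles` prop of iam.ManagedPolicy (or calling managedPolicy.attachToRole) emits an AWS::IAM::ManagedPolicy resource whose Roles field names the role, so no SDK call or custom resource is needed; the block also refuses the `resources: ['*']` grant used above. Function names and the bucket ARN are assumptions.

```typescript
// Dependency-free model of the CloudFormation resource CDK synthesizes for
// new iam.ManagedPolicy(stack, id, { roles: [importedRole], ... }).
// Names below are hypothetical; the sample ARNs are constructed.

interface Statement {
  Effect: 'Allow' | 'Deny';
  Action: string[];
  Resource: string[];
}

// Mirrors how Role.fromRoleArn derives roleName from a literal role ARN:
// the last path segment of "role/<path>/<Name>".
function roleNameFromArn(arn: string): string {
  const parts = arn.split(':');
  if (parts.length !== 6 || parts[2] !== 'iam' || !parts[5].startsWith('role/')) {
    throw new Error(`not an IAM role ARN: ${arn}`);
  }
  const segments = parts[5].split('/');
  return segments[segments.length - 1];
}

// Least-privilege guard: an Allow statement on every resource, like the
// s3:GetObject on '*' above, is rejected before it reaches a template.
function assertScoped(statements: Statement[]): void {
  for (const s of statements) {
    if (s.Effect === 'Allow' && s.Resource.includes('*')) {
      throw new Error(`statement allows ${s.Action.join(',')} on every resource`);
    }
  }
}

// The synthesized AWS::IAM::ManagedPolicy resource. Roles is a list of role
// names, which is why an imported role (name parsed from its ARN) works here.
function managedPolicyResource(name: string, roleArns: string[], statements: Statement[]) {
  assertScoped(statements);
  return {
    Type: 'AWS::IAM::ManagedPolicy',
    Properties: {
      ManagedPolicyName: name,
      Roles: roleArns.map(roleNameFromArn),
      PolicyDocument: { Version: '2012-10-17', Statement: statements },
    },
  };
}
```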