问题描述
这里是参数 - S3 存储桶名称列表:
Parameters:
S3BucketNames:
Description: Enter S3 Bucket Names
Type: CommaDelimitedList
Default: my-first-bucket,testing-bucket,codepipeline-bucket
需要为 Getobject、PutObject 操作制定策略 IAM 策略,当 arn 必须采用适合 IAM 策略的以下格式时:
arn:${Partition}:s3:::${BucketName}/${ObjectName}
在我的例子中它应该是这样的:
"arn:aws:s3:::my-first-bucket/*","arn:aws:s3:::testing-bucket/*","arn:aws:s3:::codepipeline-bucket/*"
解决方法
我不得不考虑一下如何才能完成它,当您知道时很明显,但也许会对某人有所帮助:
S3RolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: DemoPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
Resource: !Split
- ","
- !Sub
- arn:aws:s3:::${S3Middle}/*
- S3Middle: !Join [ "/*,arn:aws:s3:::",!Ref S3BucketNames ]
这不是完整的 CloudFormation 模板 - 只是示例和平