问题描述
每当我添加以下策略时,@H_404_0@
cdk deploy命令就会失败:
s3BucketofFrontend.addToResourcePolicy(new iam.PolicyStatement({
effect: Effect.DENY,actions: ['s3:*'],resources: [s3BucketofFrontend.arnForObjects('*')],principals: [new iam.AnyPrincipal()],conditions: {
'NotIpAddress': {
'aws:SourceIp': deFinitions.permittedProxyIPs // list of IP strings
}
}
}))
Custom::CDKBucketDeployment | my-cdk-ts-deployment-bucket/Customresource/Default (mycdktsdeploymentbucketCustomresource1FF9A593) Failed to create resource. Command '['python3','/var/task/aws','s3','sync','--delete','/tmp/tmpvs26w_jk/contents','s3://my-frontend-stack-mycdktsbucket46f56458-1dxm7rpoe13nf/']' returned non-zero exit status 1
详细说明:
@H_404_0@我的S3存储桶只能用于特定的IP地址。我正在尝试使用CDK部署它:cdk synth
cdk bootstrap --public-access-block-configuration false # otherwise I get CREATE_Failed | StagingBucket API: s3:PutPublicAccessBlock Access Denied
cdk deploy
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": "*","Action": "s3:Getobject","Resource": [
"arn:aws:s3:::my-frontend-stack-mycdktsbucket46f56458-4j64761048fr/*"
]
},{
"Effect": "Deny","Resource": [
"arn:aws:s3:::my-frontend-stack-mycdktsbucket46f56458-4j64761048fr/*"
],"Condition": {
"NotIpAddress": {
"aws:SourceIp": [
"123.123.123.123/27","123.123.124.123/27"
]
}
}
}
]
}
cdk deploy命令时看到的完整错误:
6/8 | 12:20:56 | CREATE_Failed | Custom::CDKBucketDeployment | my-cdk-ts-deployment-bucket/Customresource/Default (mycdktsdeploymentbucketCustomresource1FF9A593) Failed to create resource. Command '['python3','s3://my-frontend-stack-mycdktsbucket46f56458-1dxm7rpoe13nf/']' returned non-zero exit status 1.
new Customresource (C:\my\prj\tib\cdk\node_modules\@aws-cdk\aws-s3-deployment\node_modules\@aws-cdk\core\lib\custom-resource.ts:115:21)
\_ new BucketDeployment (C:\my\prj\tib\cdk\node_modules\@aws-cdk\aws-s3-deployment\lib\bucket-deployment.ts:201:5)
\_ new CdkStack (C:\my\prj\tib\cdk\lib\cdk-stack.ts:17:9)
\_ Object.<anonymous> (C:\my\prj\tib\cdk\bin\cdk.ts:12:1)
\_ Module._compile (internal/modules/cjs/loader.js:1251:30)
\_ Module.m._compile (C:\my\prj\tib\cdk\node_modules\ts-node\src\index.ts:858:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:1272:10)
\_ Object.require.extensions.<computed> [as .ts] (C:\my\prj\tib\cdk\node_modules\ts-node\src\index.ts:861:12)
\_ Module.load (internal/modules/cjs/loader.js:1100:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:962:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ main (C:\my\prj\tib\cdk\node_modules\ts-node\src\bin.ts:227:14)
\_ Object.<anonymous> (C:\my\prj\tib\cdk\node_modules\ts-node\src\bin.ts:513:3)
\_ Module._compile (internal/modules/cjs/loader.js:1251:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1272:10)
\_ Module.load (internal/modules/cjs/loader.js:1100:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:962:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ C:\Program Files\nodejs\node_modules\npm\node_modules\libnpx\index.js:268:14
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)