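How do I deploy an S3 bucket with the AWS CDK using a NotIpAddress condition so that it is only available to specific IP addresses?
Details:
Whenever I add the following policy, the cdk deploy command fails: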
s3BucketofFrontend.addToResourcePolicy(new iam.PolicyStatement({
  effect: Effect.DENY,
  actions: ['s3:*'],
  resources: [s3BucketofFrontend.arnForObjects('*')],
  principals: [new iam.AnyPrincipal()],
  conditions: {
    'NotIpAddress': {
      'aws:SourceIp': definitions.permittedProxyIPs // list of IP strings
    }
  }
}))
This error occurs:
Custom::CDKBucketDeployment | my-cdk-ts-deployment-bucket/CustomResource/Default (mycdktsdeploymentbucketCustomResource1FF9A593) Failed to create resource. Command '['python3','/var/task/aws','s3','sync','--delete','/tmp/tmpvs26w_jk/contents','s3://my-frontend-stack-mycdktsbucket46f56458-1dxm7rpoe13nf/']' returned non-zero exit status 1
Details:
My S3 bucket must only be available to specific IP addresses. I am trying to deploy it with the CDK:
cdk synth
cdk bootstrap --public-access-block-configuration false # otherwise I get CREATE_FAILED | StagingBucket API: s3:PutPublicAccessBlock Access Denied
cdk deploy
I am trying to enforce this policy (on the S3 bucket):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::my-frontend-stack-mycdktsbucket46f56458-4j64761048fr/*"
      ]
    },
    {
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::my-frontend-stack-mycdktsbucket46f56458-4j64761048fr/*"
      ],
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": [
            "123.123.123.123/27",
            "123.123.124.123/27"
          ]
        }
      }
    }
  ]
}
This is the full error I see when running the cdk deploy command:
6/8 | 12:20:56 | CREATE_FAILED | Custom::CDKBucketDeployment | my-cdk-ts-deployment-bucket/CustomResource/Default (mycdktsdeploymentbucketCustomResource1FF9A593) Failed to create resource. Command '['python3','s3://my-frontend-stack-mycdktsbucket46f56458-1dxm7rpoe13nf/']' returned non-zero exit status 1.
new CustomResource (C:\my\prj\tib\cdk\node_modules\@aws-cdk\aws-s3-deployment\node_modules\@aws-cdk\core\lib\custom-resource.ts:115:21)
\_ new BucketDeployment (C:\my\prj\tib\cdk\node_modules\@aws-cdk\aws-s3-deployment\lib\bucket-deployment.ts:201:5)
\_ new CdkStack (C:\my\prj\tib\cdk\lib\cdk-stack.ts:17:9)
\_ Object.<anonymous> (C:\my\prj\tib\cdk\bin\cdk.ts:12:1)
\_ Module._compile (internal/modules/cjs/loader.js:1251:30)
\_ Module.m._compile (C:\my\prj\tib\cdk\node_modules\ts-node\src\index.ts:858:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:1272:10)
\_ Object.require.extensions.<computed> [as .ts] (C:\my\prj\tib\cdk\node_modules\ts-node\src\index.ts:861:12)
\_ Module.load (internal/modules/cjs/loader.js:1100:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:962:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ main (C:\my\prj\tib\cdk\node_modules\ts-node\src\bin.ts:227:14)
\_ Object.<anonymous> (C:\my\prj\tib\cdk\node_modules\ts-node\src\bin.ts:513:3)
\_ Module._compile (internal/modules/cjs/loader.js:1251:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1272:10)
\_ Module.load (internal/modules/cjs/loader.js:1100:32)
\_ Function.Module._load (internal/modules/cjs/loader.js:962:14)
\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
\_ C:\Program Files\nodejs\node_modules\npm\node_modules\libnpx\index.js:268:14
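An added illustration, not part of the original question and not AWS or CDK code: a simplified model of how the two statements in the bucket policy above are evaluated for a request's source IP. It assumes every statement covers the request (action, principal and resource matching are left out), and 198.51.100.7 is a constructed address standing in for any caller outside the permitted ranges, which would include the `aws s3 sync` run by the deployment custom resource if its request does not come from a listed range.

```typescript
// Added illustration: a simplified model of policy evaluation, not AWS or CDK code.
type Statement = {
  Effect: "Allow" | "Deny";
  Condition?: { NotIpAddress: { "aws:SourceIp": string[] } };
};

// The two statements from the bucket policy above, reduced to Effect and Condition.
const POLICY: Statement[] = [
  { Effect: "Allow" },
  {
    Effect: "Deny",
    Condition: {
      NotIpAddress: { "aws:SourceIp": ["123.123.123.123/27", "123.123.124.123/27"] },
    },
  },
];

// Dotted IPv4 string to unsigned 32-bit integer.
function ipToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// True when ip lies inside the IPv4 CIDR block; host bits of the base are ignored.
function inCidr(ip: string, cidr: string): boolean {
  const slash = cidr.indexOf("/");
  const bits = Number(cidr.slice(slash + 1));
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(cidr.slice(0, slash)) & mask) >>> 0);
}

// NotIpAddress holds when the source IP is in none of the ranges, and also
// when aws:SourceIp is missing from the request context.
function notIpAddress(ranges: string[], sourceIp?: string): boolean {
  return sourceIp === undefined || !ranges.some((r) => inCidr(sourceIp, r));
}

// An explicit Deny that applies overrides every Allow.
function evaluate(policy: Statement[], sourceIp?: string): "Allow" | "Deny" {
  let allowed = false;
  for (const s of policy) {
    const applies = !s.Condition || notIpAddress(s.Condition.NotIpAddress["aws:SourceIp"], sourceIp);
    if (applies && s.Effect === "Deny") return "Deny";
    if (applies) allowed = true;
  }
  return allowed ? "Allow" : "Deny";
}

console.log(evaluate(POLICY, "123.123.123.100"), evaluate(POLICY, "198.51.100.7"));
```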