Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

CDK BackupVault.grant() doesn't work

0

I try to create vault with additional policy

        // Create an AWS Backup vault
        const backupVault = new backup.BackupVault(this, this.backup_name + '-vault', {
            backupVaultName: this.backup_name + '-vault',
            blockRecoveryPointDeletion: true,
            removalPolicy: RemovalPolicy.DESTROY,
        });
        backupVault.grant(new iam.AccountPrincipal('111222333444'), 
                'backup:CopyIntoBackupVault'
              );

But vault is created without granted policy. CDK generate template like that:

 "Resources": {
  "mybackupvault67D998C2": {
   "Type": "AWS::Backup::BackupVault",
   "Properties": {
    "AccessPolicy": {
     "Statement": [
      {
       "Action": [
        "backup:DeleteRecoveryPoint",
        "backup:UpdateRecoveryPointLifecycle"
       ],
       "Effect": "Deny",
       "Principal": {
        "AWS": "*"
       },
       "Resource": "*"
      }
     ],
     "Version": "2012-10-17"
    },
    "BackupVaultName": "my_backup-vault"
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "euc1-backup/my_backup-vault/Resource"
   }
  },
...

What can be a reason?

  • AWS-User-6476479
    vor einem Monat

    Instead of using backupVault.grant You should use addToAccessPolicy to add access policy to the backup vault. Please check and let me know

Themen
SpeicherAWS Cloud-Entwicklungskit (CDK)
Tags
AWS DatensicherungAWS Cloud-Entwicklungskit (CDK)
Sprache
English
Viacheslav
gefragt vor einem Monat90 Aufrufe
Keine Antworten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt