Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

CDK BackupVault.grant() doesn't work

0

I try to create vault with additional policy

        // Create an AWS Backup vault
        const backupVault = new backup.BackupVault(this, this.backup_name + '-vault', {
            backupVaultName: this.backup_name + '-vault',
            blockRecoveryPointDeletion: true,
            removalPolicy: RemovalPolicy.DESTROY,
        });
        backupVault.grant(new iam.AccountPrincipal('111222333444'), 
                'backup:CopyIntoBackupVault'
              );

But vault is created without granted policy. CDK generate template like that:

 "Resources": {
  "mybackupvault67D998C2": {
   "Type": "AWS::Backup::BackupVault",
   "Properties": {
    "AccessPolicy": {
     "Statement": [
      {
       "Action": [
        "backup:DeleteRecoveryPoint",
        "backup:UpdateRecoveryPointLifecycle"
       ],
       "Effect": "Deny",
       "Principal": {
        "AWS": "*"
       },
       "Resource": "*"
      }
     ],
     "Version": "2012-10-17"
    },
    "BackupVaultName": "my_backup-vault"
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "euc1-backup/my_backup-vault/Resource"
   }
  },
...

What can be a reason?

  • AWS-User-6476479
    hace un mes

    Instead of using backupVault.grant You should use addToAccessPolicy to add access policy to the backup vault. Please check and let me know

Temas
AlmacenamientoAWS Cloud Development Kit (CDK)
Etiquetas
AWS BackupAWS Cloud Development Kit (CDK)
Idioma
English
Viacheslav
preguntada hace un mes90 visualizaciones
No hay respuestas

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante