Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

CDK BackupVault.grant() doesn't work

0

I try to create vault with additional policy

        // Create an AWS Backup vault
        const backupVault = new backup.BackupVault(this, this.backup_name + '-vault', {
            backupVaultName: this.backup_name + '-vault',
            blockRecoveryPointDeletion: true,
            removalPolicy: RemovalPolicy.DESTROY,
        });
        backupVault.grant(new iam.AccountPrincipal('111222333444'), 
                'backup:CopyIntoBackupVault'
              );

But vault is created without granted policy. CDK generate template like that:

 "Resources": {
  "mybackupvault67D998C2": {
   "Type": "AWS::Backup::BackupVault",
   "Properties": {
    "AccessPolicy": {
     "Statement": [
      {
       "Action": [
        "backup:DeleteRecoveryPoint",
        "backup:UpdateRecoveryPointLifecycle"
       ],
       "Effect": "Deny",
       "Principal": {
        "AWS": "*"
       },
       "Resource": "*"
      }
     ],
     "Version": "2012-10-17"
    },
    "BackupVaultName": "my_backup-vault"
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "euc1-backup/my_backup-vault/Resource"
   }
  },
...

What can be a reason?

  • AWS-User-6476479
    un mese fa

    Instead of using backupVault.grant You should use addToAccessPolicy to add access policy to the backup vault. Please check and let me know

Argomenti
ArchiviazioneKit di sviluppo cloud AWS (CDK)
Tag
AWS BackupKit di sviluppo cloud AWS (CDK)
Lingua
English
Viacheslav
posta un mese fa90 visualizzazioni
Nessuna risposta

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente