-
I am not sure if a bucket policy with an IAM user as a condition is a good idea, but it looks like you are trying to define a bucket policy with a condition for a specific IAM user created by CDK? According to this, I think you should be able to reference to the |
-
Hi! I'm creating a stack that contains certain buckets that are meant to be seen/used only by a certain list of users/resources, based on this guide: https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/
I've used the following policy as a test for the roles:
It works for the roles created with CDK since I can access the role id with the following
However, it seems that I can't do the same with the users created directly with CDK
I can access the user id after it has been created with
which returns the following:
Is there a way to get access to the User id created with CDK for the bucket policy?
A custom resource maybe?
EXTRA INFO:
I tried to apply a bucket policy based only on the ARNs, but it doesn't seem to work, but that is an entirely different issue. 😁
The bucket policy based on ARNs (that doesn't work) is the following:
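An added example, not code from the original post (whose policy is not shown on this page): it builds a Deny policy keyed on `aws:userId` in the style of the linked AWS guide and checks which caller IDs that policy would block. The bucket name and the `AROA…`/`AIDA…` IDs are constructed placeholders, `build_policy` and `is_denied` are hypothetical helper names, and the evaluator models only this one `StringNotLike` condition.

```python
import json
import re


def build_policy(bucket, role_ids, user_ids, account_id):
    """Deny every S3 action unless aws:userId matches an allowed identity."""
    # Assumed-role sessions present aws:userId as "<role-id>:<session-name>",
    # so role IDs need a ":*" suffix; IAM users present the bare unique ID.
    allowed = [f"{rid}:*" for rid in role_ids]
    allowed += list(user_ids)
    allowed.append(account_id)  # the account root user presents the account ID
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotLike": {"aws:userId": allowed}},
        }],
    }


def _like(pattern, value):
    # IAM StringLike semantics: '*' matches any run of characters,
    # '?' matches one character, comparison is case-sensitive.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def is_denied(policy, caller_user_id):
    """True when the Deny statement applies to this aws:userId value."""
    cond = policy["Statement"][0]["Condition"]["StringNotLike"]
    return not any(_like(p, caller_user_id) for p in cond["aws:userId"])


if __name__ == "__main__":
    # Constructed sample identities, not values from the post.
    policy = build_policy("example-bucket", ["AROAEXAMPLEROLEID"],
                          ["AIDAEXAMPLEUSERID"], "111111111111")
    print(json.dumps(policy, indent=2))
    for caller in ("AROAEXAMPLEROLEID:session", "AIDAEXAMPLEUSERID",
                   "AIDAOTHERUSERID"):
        print(caller, "denied" if is_denied(policy, caller) else "not denied")
```

Because the statement is an explicit Deny, an ID listed in the wrong form (for example a user ID with the role-style `:*` suffix) locks that identity out instead of admitting it.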