I have defined a CloudFormation template like this:
AWSTemplateFormatVersion: 2010-09-09
Description: Auth stack
Transform: AWS::Serverless-2016-10-31
Parameters:
  DeveloperProviderName:
    Description: Developer provider name
    Type: String
Conditions:
  Never:
    !Equals [ "true", "false" ]
Resources:
  CognitoIdentityPool:
    Type: Custom::CognitoIdentityPool
    Version: '1.0'
    Properties:
      IdentityPoolName: !Sub "${AWS::StackName}-cognito-idp"
      DeveloperProviderName: !Ref DeveloperProviderName
      ServiceToken: !GetAtt CreateIdentityPoolFunction.Arn
.
.
more stuff here for the lambda function etc
.
.
Then I want to add a stack policy that denies replacement and deletion:
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "Update:Replace",
        "Update:Delete"
      ],
      "Principal": "*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ResourceType": [
            "Custom::CognitoIdentityPool"
          ]
        }
      }
    }
  ]
}
This is how I set the stack policy:
aws cloudformation set-stack-policy \
--stack-name ${stackName} \
--stack-policy-body file://${policyPath}
This is the error I get when setting the stack policy:
An error occurred (ValidationError) when calling the SetStackPolicy operation: Error validating stack policy: Unknown resource type 'Custom::CognitoIdentityPool' in statement {}
Any ideas on how to protect these custom resources with a stack policy?
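An added example (not part of the original question or of any answer to it) showing a different shape of the same deny rule: a stack policy that targets the protected resource through the stack policy's `Resource` field (`LogicalResourceId/<name>`) rather than through a `ResourceType` condition, plus a pre-check that is run before `set-stack-policy`. The pre-check flags Deny rules that name a logical ID the template does not define (a rule that would silently protect nothing) and `ResourceType` conditions that name a `Custom::` type, which is exactly what the error in the question rejects. The resource map is a constructed stand-in for the template's `Resources` section; the type of the Lambda function is assumed, since the question elides that part of the template.

```python
"""Build and sanity-check a CloudFormation stack policy that protects named
resources from Update:Replace / Update:Delete before it is applied.

Added example, not code from the original post.
"""
import json

# Constructed stand-in for the template's Resources section (logical ID -> Type).
# The Lambda function's type is an assumption; the post elides that part.
TEMPLATE_RESOURCES = {
    "CognitoIdentityPool": "Custom::CognitoIdentityPool",
    "CreateIdentityPoolFunction": "AWS::Serverless::Function",
}

PROTECTED_ACTIONS = ["Update:Replace", "Update:Delete"]


def build_stack_policy(protected_logical_ids):
    """Allow all updates, then deny Replace/Delete for the given logical IDs.

    The Deny statement addresses resources by logical ID via the stack
    policy's Resource field instead of a ResourceType condition.
    """
    allow_all = {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"}
    deny = {
        "Effect": "Deny",
        "Action": list(PROTECTED_ACTIONS),
        "Principal": "*",
        "Resource": [f"LogicalResourceId/{lid}" for lid in protected_logical_ids],
    }
    return {"Statement": [allow_all, deny]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def protected_logical_ids(policy):
    """Return the set of logical IDs a policy shields from Replace/Delete."""
    ids = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        actions = set(_as_list(stmt["Action"]))
        if not (actions & set(PROTECTED_ACTIONS)) and "Update:*" not in actions:
            continue
        for res in _as_list(stmt["Resource"]):
            if res.startswith("LogicalResourceId/"):
                ids.add(res.split("/", 1)[1])
    return ids


def check_policy(policy, template_resources):
    """Return a list of problems to fix before calling set-stack-policy."""
    problems = []
    # A Deny rule for a logical ID that does not exist protects nothing.
    for lid in sorted(protected_logical_ids(policy)):
        if lid not in template_resources:
            problems.append(f"policy protects unknown logical ID {lid}")
    # A ResourceType condition naming a Custom:: type is what the
    # ValidationError in the question rejects.
    for stmt in policy["Statement"]:
        types = stmt.get("Condition", {}).get("StringEquals", {}).get("ResourceType", [])
        for rtype in _as_list(types):
            if rtype.startswith("Custom::"):
                problems.append(f"ResourceType condition names custom type {rtype}")
    return problems


if __name__ == "__main__":
    policy = build_stack_policy(["CognitoIdentityPool"])
    print(json.dumps(policy, indent=2))
    print("problems:", check_policy(policy, TEMPLATE_RESOURCES))
```

Write the printed JSON to a file and pass it to `aws cloudformation set-stack-policy --stack-policy-body file://...` as in the question; the check runs entirely offline against the constructed resource map, so wiring it to the real template means replacing `TEMPLATE_RESOURCES` with the parsed `Resources` section.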