想知道是否可以在AWS policy generator生成的.json文件中定义策略,并将该文件作为参数值传递到cloudformation s3bucket策略中。
因此policy.json文件类似于以下内容:
{
"Id": "Policyid",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmtid",
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<bucket name>",
"Principal": {
"AWS": [
"<user>"
]
}
}
]
}
现在我想用这样的话打电话
aws cloudformation create-stack --stack-name mystack --template-body file:///mystackcreation.json --parameter ParameterKey=PolicyDocument,ParameterValue=policy.json
mystackcreation.json是一个看起来像
的测试文件{
"Parameters": {
"PolicyDocument": {
"Type": "String",
"Description": ""
}
},
"Resources" : {
"S3BucketPolicy" : {
"Type" : "AWS::S3::BucketPolicy",
"Properties" : {
"Bucket" : mybucket,
"PolicyDocument" : { "Ref" : "PolicyDocument" }
}
}
}
}