Question edit history
2
Addendum
test
CHANGED
File without changes
|
test
CHANGED
@@ -111,7 +111,7 @@
|
|
111
111
|
)
|
112
112
|
|
113
113
|
```
|
114
|
-
CFnテンプレート
|
114
|
+
CFnテンプレート(一部抜粋)
|
115
115
|
```YAML
|
116
116
|
Parameters:
|
117
117
|
accountId:
|
@@ -165,105 +165,70 @@
|
|
165
165
|
- iam:SetDefaultPolicyVersion
|
166
166
|
Resource:
|
167
167
|
- arn:aws:iam::{accountId}:policy/iam-create
|
168
|
+
|
169
|
+
|
170
|
+
|
171
|
+
```
|
172
|
+
|
173
|
+
|
174
|
+
追記
|
175
|
+
|
176
|
+
CFnテンプレートを下記のようにしたらうまく動作することを確認しましたが、 !Sub はどのようにCDKで書けるでしょうか?
|
168
|
-
|
177
|
+
CFnテンプレート(一部抜粋)
|
178
|
+
```YAML
|
169
|
-
|
179
|
+
Parameters:
|
170
|
-
|
180
|
+
accountId:
|
181
|
+
Type: String
|
182
|
+
BootstrapVersion:
|
183
|
+
Type: AWS::SSM::Parameter::Value<String>
|
184
|
+
Default: /cdk-bootstrap/hnb659fds/version
|
185
|
+
Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
|
171
|
-
|
186
|
+
Resources:
|
172
|
-
|
187
|
+
MyCfnManagedPolicy:
|
173
|
-
Metadata:
|
174
|
-
aws:cdk:path: sample/MyCfnManagedPolicy
|
175
|
-
CDKMetadata:
|
176
|
-
Type: AWS::
|
188
|
+
Type: AWS::IAM::ManagedPolicy
|
177
189
|
Properties:
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
Condition:
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
-
|
186
|
-
-
|
187
|
-
-
|
188
|
-
- a
|
189
|
-
-
|
190
|
-
-
|
191
|
-
- a
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
-
|
196
|
-
-
|
197
|
-
- a
|
198
|
-
-
|
199
|
-
-
|
200
|
-
- a
|
201
|
-
-
|
202
|
-
-
|
203
|
-
- a
|
204
|
-
-
|
205
|
-
-
|
206
|
-
- a
|
207
|
-
-
|
208
|
-
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
- cn
|
213
|
-
-
|
214
|
-
-
|
215
|
-
-
|
216
|
-
-
|
217
|
-
|
218
|
-
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
- Fn::Equals:
|
224
|
-
- Ref: AWS::Region
|
225
|
-
- eu-south-1
|
226
|
-
- Fn::Equals:
|
227
|
-
- Ref: AWS::Region
|
228
|
-
- eu-west-1
|
229
|
-
- Fn::Equals:
|
230
|
-
- Ref: AWS::Region
|
231
|
-
- eu-west-2
|
232
|
-
- Fn::Equals:
|
233
|
-
- Ref: AWS::Region
|
234
|
-
- eu-west-3
|
235
|
-
- Fn::Equals:
|
236
|
-
- Ref: AWS::Region
|
237
|
-
- me-south-1
|
238
|
-
- Fn::Equals:
|
239
|
-
- Ref: AWS::Region
|
240
|
-
- sa-east-1
|
241
|
-
- Fn::Equals:
|
242
|
-
- Ref: AWS::Region
|
243
|
-
- us-east-1
|
244
|
-
- Fn::Equals:
|
245
|
-
- Ref: AWS::Region
|
246
|
-
- us-east-2
|
247
|
-
- Fn::Or:
|
248
|
-
- Fn::Equals:
|
249
|
-
- Ref: AWS::Region
|
250
|
-
- us-west-1
|
251
|
-
- Fn::Equals:
|
252
|
-
- Ref: AWS::Region
|
253
|
-
- us-west-2
|
254
|
-
Rules:
|
255
|
-
CheckBootstrapVersion:
|
256
|
-
Assertions:
|
257
|
-
- Assert:
|
258
|
-
Fn::Not:
|
259
|
-
- Fn::Contains:
|
260
|
-
- - "1"
|
261
|
-
- "2"
|
262
|
-
- "3"
|
263
|
-
- "4"
|
264
|
-
- "5"
|
265
|
-
- Ref: BootstrapVersion
|
266
|
-
AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.
|
267
|
-
|
268
|
-
|
269
|
-
```
|
190
|
+
PolicyDocument:
|
191
|
+
Version: "2012-10-17"
|
192
|
+
Statement:
|
193
|
+
- Condition:
|
194
|
+
StringEquals:
|
195
|
+
iam:PermissionsBoundary: !Sub arn:aws:iam::${accountId}:policy/iam-create
|
196
|
+
Action:
|
197
|
+
- iam:CreateUser
|
198
|
+
- iam:DeleteUserPolicy
|
199
|
+
- iam:UpdateUser
|
200
|
+
- iam:AttachUserPolicy
|
201
|
+
- iam:DetachUserPolicy
|
202
|
+
- iam:PutUserPolicy
|
203
|
+
- iam:PutUserPermissionsBoundary
|
204
|
+
Resource: "*"
|
205
|
+
Effect: Allow
|
206
|
+
- Action:
|
207
|
+
- iam:Get*
|
208
|
+
- iam:List*
|
209
|
+
- iam:DeleteUser
|
210
|
+
- iam:*Group*
|
211
|
+
- iam:CreatePolicy
|
212
|
+
- iam:CreateLoginProfile
|
213
|
+
- iam:CreateAccessKey
|
214
|
+
- iam:DeletePolicy
|
215
|
+
- iam:DeletePolicyVersion
|
216
|
+
- iam:DeleteLoginProfile
|
217
|
+
- iam:DeleteAccessKey
|
218
|
+
- iam:SetDefaultPolicyVersion
|
219
|
+
- iam:SimulatePrincipalPolicy
|
220
|
+
- iam:SimulateCustomPolicy
|
221
|
+
Resource: "*"
|
222
|
+
Effect: Allow
|
223
|
+
- Action:
|
224
|
+
- iam:CreatePolicyVersion
|
225
|
+
- iam:DeletePolicy
|
226
|
+
- iam:DeletePolicyVersion
|
227
|
+
- iam:DeleteUserPermissionsBoundary
|
228
|
+
- iam:SetDefaultPolicyVersion
|
229
|
+
Resource:
|
230
|
+
- !Sub arn:aws:iam::${accountId}:policy/iam-create
|
231
|
+
|
232
|
+
|
233
|
+
|
234
|
+
```
|
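Review bot: In the last added statement (new lines 223-230), iam:DeleteUserPermissionsBoundary is scoped to `!Sub arn:aws:iam::${accountId}:policy/iam-create`, but that action operates on IAM users, not on a managed policy, so with this Resource it can never match. The same statement ends at Resource with no Effect line visible in the excerpt, while the statement before it (new lines 206-222) allows iam:DeletePolicy, iam:DeletePolicyVersion and iam:SetDefaultPolicyVersion on `Resource: "*"`, which includes the boundary policy iam-create itself. If the intent is to protect the boundary, state the Effect of the last statement explicitly in the excerpt and move iam:DeleteUserPermissionsBoundary into its own statement whose Resource covers users.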
1
Correction
test
CHANGED
@@ -1 +1 @@
|
|
1
|
-
CDKを使って作成したCFnテンプレートにパラメータを設定する方法
|
1
|
+
CDKを使って作成したCFnテンプレートにパラメータを設定する方法(CDKの書き方について)
|
test
CHANGED
@@ -5,6 +5,7 @@
|
|
5
5
|
The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 4c8c12b2-2bdc-4d80-a282-03bf0cc04270; Proxy: null)
|
6
6
|
```
|
7
7
|
というエラーになります。
|
8
|
+
CDKをどう修正したらいいでしょうか?
|
8
9
|
|
9
10
|
CDKとCFnテンプレートとLambdaは下記になります。
|
10
11
|
|