Question edit history

2

Addendum

2022/10/04 05:21

Posted

jetstream

score 65

test CHANGED
File without changes
test CHANGED
@@ -111,7 +111,7 @@
111
111
  )
112
112
 
113
113
  ```
114
- CFnテンプレート
114
+ CFnテンプレート(一部抜粋)
115
115
  ```YAML
116
116
  Parameters:
117
117
  accountId:
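Review bot: The new label "CFnテンプレート(一部抜粋)" (partial excerpt) should say what was left out, because in a question about a `MalformedPolicyDocument` error the reader has to know whether the omitted part holds any statement of the `PolicyDocument` or only CDK bookkeeping (the `CDKMetadata` resource, the region `Conditions` and the `CheckBootstrapVersion` rule that a synthesized template carries). A label such as "(一部抜粋: CDKMetadata 以降省略)" makes that explicit and costs one line.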
@@ -165,105 +165,70 @@
165
165
  - iam:SetDefaultPolicyVersion
166
166
  Resource:
167
167
  - arn:aws:iam::{accountId}:policy/iam-create
168
+
169
+
170
+
171
+ ```
172
+
173
+
174
+ 追記
175
+
176
+ CFnテンプレートを下記のようにしたらうまく動作することを確認しましたが、 !Sub はどのようにCDKで書けるでしょうか?
168
- Effect: Deny
177
+ CFnテンプレート(一部抜粋)
178
+ ```YAML
169
- - Effect: Deny
179
+ Parameters:
170
- Action: s3:*
180
+ accountId:
181
+ Type: String
182
+ BootstrapVersion:
183
+ Type: AWS::SSM::Parameter::Value<String>
184
+ Default: /cdk-bootstrap/hnb659fds/version
185
+ Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]
171
- Resource: "*"
186
+ Resources:
172
- ManagedPolicyName: managedPolicyName
187
+ MyCfnManagedPolicy:
173
- Metadata:
174
- aws:cdk:path: sample/MyCfnManagedPolicy
175
- CDKMetadata:
176
- Type: AWS::CDK::Metadata
188
+ Type: AWS::IAM::ManagedPolicy
177
189
  Properties:
178
- Analytics: v2:deflate64:H4sIAAAAAAAA/yWKQQrCMBBFz9J9Mop2oeuuhdAeQMZk1LHNDCRTpIh3t8XVf7z3D9C2sG/wXX1Mo5/4Bp/BMI6uu0vAgpmMilv7lTHDKi8o+KAUdOK4bK+eqs4l0sadSmJjla8Liz1Vdkc4wbl5VWZfZjHOBP1/fxasecp7AAAA
179
- Metadata:
180
- aws:cdk:path: sample/CDKMetadata/Default
181
- Condition: CDKMetadataAvailable
182
- Conditions:
183
- CDKMetadataAvailable:
184
- Fn::Or:
185
- - Fn::Or:
186
- - Fn::Equals:
187
- - Ref: AWS::Region
188
- - af-south-1
189
- - Fn::Equals:
190
- - Ref: AWS::Region
191
- - ap-east-1
192
- - Fn::Equals:
193
- - Ref: AWS::Region
194
- - ap-northeast-1
195
- - Fn::Equals:
196
- - Ref: AWS::Region
197
- - ap-northeast-2
198
- - Fn::Equals:
199
- - Ref: AWS::Region
200
- - ap-south-1
201
- - Fn::Equals:
202
- - Ref: AWS::Region
203
- - ap-southeast-1
204
- - Fn::Equals:
205
- - Ref: AWS::Region
206
- - ap-southeast-2
207
- - Fn::Equals:
208
- - Ref: AWS::Region
209
- - ca-central-1
210
- - Fn::Equals:
211
- - Ref: AWS::Region
212
- - cn-north-1
213
- - Fn::Equals:
214
- - Ref: AWS::Region
215
- - cn-northwest-1
216
- - Fn::Or:
217
- - Fn::Equals:
218
- - Ref: AWS::Region
219
- - eu-central-1
220
- - Fn::Equals:
221
- - Ref: AWS::Region
222
- - eu-north-1
223
- - Fn::Equals:
224
- - Ref: AWS::Region
225
- - eu-south-1
226
- - Fn::Equals:
227
- - Ref: AWS::Region
228
- - eu-west-1
229
- - Fn::Equals:
230
- - Ref: AWS::Region
231
- - eu-west-2
232
- - Fn::Equals:
233
- - Ref: AWS::Region
234
- - eu-west-3
235
- - Fn::Equals:
236
- - Ref: AWS::Region
237
- - me-south-1
238
- - Fn::Equals:
239
- - Ref: AWS::Region
240
- - sa-east-1
241
- - Fn::Equals:
242
- - Ref: AWS::Region
243
- - us-east-1
244
- - Fn::Equals:
245
- - Ref: AWS::Region
246
- - us-east-2
247
- - Fn::Or:
248
- - Fn::Equals:
249
- - Ref: AWS::Region
250
- - us-west-1
251
- - Fn::Equals:
252
- - Ref: AWS::Region
253
- - us-west-2
254
- Rules:
255
- CheckBootstrapVersion:
256
- Assertions:
257
- - Assert:
258
- Fn::Not:
259
- - Fn::Contains:
260
- - - "1"
261
- - "2"
262
- - "3"
263
- - "4"
264
- - "5"
265
- - Ref: BootstrapVersion
266
- AssertDescription: CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI.
267
-
268
-
269
- ```
190
+ PolicyDocument:
191
+ Version: "2012-10-17"
192
+ Statement:
193
+ - Condition:
194
+ StringEquals:
195
+ iam:PermissionsBoundary: !Sub arn:aws:iam::${accountId}:policy/iam-create
196
+ Action:
197
+ - iam:CreateUser
198
+ - iam:DeleteUserPolicy
199
+ - iam:UpdateUser
200
+ - iam:AttachUserPolicy
201
+ - iam:DetachUserPolicy
202
+ - iam:PutUserPolicy
203
+ - iam:PutUserPermissionsBoundary
204
+ Resource: "*"
205
+ Effect: Allow
206
+ - Action:
207
+ - iam:Get*
208
+ - iam:List*
209
+ - iam:DeleteUser
210
+ - iam:*Group*
211
+ - iam:CreatePolicy
212
+ - iam:CreateLoginProfile
213
+ - iam:CreateAccessKey
214
+ - iam:DeletePolicy
215
+ - iam:DeletePolicyVersion
216
+ - iam:DeleteLoginProfile
217
+ - iam:DeleteAccessKey
218
+ - iam:SetDefaultPolicyVersion
219
+ - iam:SimulatePrincipalPolicy
220
+ - iam:SimulateCustomPolicy
221
+ Resource: "*"
222
+ Effect: Allow
223
+ - Action:
224
+ - iam:CreatePolicyVersion
225
+ - iam:DeletePolicy
226
+ - iam:DeletePolicyVersion
227
+ - iam:DeleteUserPermissionsBoundary
228
+ - iam:SetDefaultPolicyVersion
229
+ Resource:
230
+ - !Sub arn:aws:iam::${accountId}:policy/iam-create
231
+
232
+
233
+
234
+ ```
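Review bot: The third statement of the added excerpt (the one with `iam:CreatePolicyVersion`, `iam:DeletePolicy`, `iam:DeletePolicyVersion`, `iam:DeleteUserPermissionsBoundary`, `iam:SetDefaultPolicyVersion` on `!Sub arn:aws:iam::${accountId}:policy/iam-create`) is cut off before its `Effect`, while the removed line `Effect: Deny` directly after the same `Resource` in the old version shows it was a Deny. That line is the security-relevant part of the whole policy: the first statement only allows `iam:CreateUser` / `iam:PutUserPermissionsBoundary` and friends under the condition `iam:PermissionsBoundary` equals the `iam-create` policy, and the second statement allows `iam:DeletePolicy`, `iam:DeletePolicyVersion` and `iam:SetDefaultPolicyVersion` on `Resource: "*"`, so without the explicit Deny on the boundary ARN a holder could create a new version of, re-default, delete or detach (`iam:DeleteUserPermissionsBoundary`) the very boundary that constrains the users they create. Please keep `Effect: Deny` in the excerpt so readers can see the boundary is protected. On the `!Sub` question: the unchanged context line above still renders `arn:aws:iam::{accountId}:policy/iam-create`, i.e. `{accountId}` reaches IAM as a literal string, which is the shape that fails parsing; the `Fn::Sub` you verified by hand is emitted from CDK with `Fn.sub('arn:aws:iam::${accountId}:policy/iam-create', { accountId: accountIdParam.valueAsString })` (where `accountIdParam` is the `CfnParameter` behind the `accountId` parameter), or equivalently by interpolating `accountIdParam.valueAsString` into the string, which synthesizes to `Fn::Join` and resolves to the same ARN at deploy time. If the policy always lives in the deploying account, `${AWS::AccountId}` in the `Sub` body removes the need for the parameter altogether.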

1

Correction

2022/10/04 05:03

Posted

jetstream

score 65

test CHANGED
@@ -1 +1 @@
1
- CDKを使って作成したCFnテンプレートにパラメータを設定する方法
1
+ CDKを使って作成したCFnテンプレートにパラメータを設定する方法(CDKの書き方について)
test CHANGED
@@ -5,6 +5,7 @@
5
5
  The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 4c8c12b2-2bdc-4d80-a282-03bf0cc04270; Proxy: null)
6
6
  ```
7
7
  というエラーになります。
8
+ CDKをどう修正したらいいでしょうか?
8
9
 
9
10
  CDKとCFnテンプレートとLambdaは下記になります。
10
11