Python Bucket.add_to_resource_policy Exemples

Langage de programmation: Python

Espace de nommage/Pack: aws_cdk.aws_s3

Class/Type: Bucket

Méthode/Fonction: add_to_resource_policy

Exemples au hotexamples.com: 2

Python Bucket.add_to_resource_policy - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de aws_cdk.aws_s3.Bucket.add_to_resource_policy extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

Bucket(29)

grant_read(7)

grant_read_write(7)

from_bucket_name(6)

arn_for_objects(4)

grant_write(3)

s3_url_for_object(3)

add_to_resource_policy(2)

from_bucket_arn(2)

add_object_created_notification(1)

grant_put(1)

Méthodes fréquemment utilisées

Bucket (29)

grant_read (7)

grant_read_write (7)

from_bucket_name (6)

arn_for_objects (4)

grant_write (3)

s3_url_for_object (3)

add_to_resource_policy (2)

from_bucket_arn (2)

add_object_created_notification (1)

Méthodes fréquemment utilisées

grant_put (1)

Exemple #1

0

Afficher le fichier

Fichier : stack.py Projet : emmanuellim/improving-forecast-accuracy-with-machine-learning

def secure_bucket(self, name, suppressions=None, **kwargs): bucket = Bucket(self, name, removal_policy=RemovalPolicy.RETAIN, encryption=BucketEncryption.S3_MANAGED, block_public_access=BlockPublicAccess.BLOCK_ALL, **kwargs) bucket.add_to_resource_policy( iam.PolicyStatement( sid="HttpsOnly", resources=[ bucket.arn_for_objects("*"), ], actions=["*"], effect=iam.Effect.DENY, principals=[iam.AnyPrincipal()], conditions={"Bool": { "aws:SecureTransport": False }}, )) bucket_cfn = bucket.node.default_child # type: CfnResource bucket_cfn.override_logical_id(name) if suppressions: add_cfn_nag_suppressions(bucket_cfn, suppressions) return bucket

Exemple #2

0

Afficher le fichier

def provide_access_to_artifacts(scope: core.Construct, *, pipeline_def: Pipeline, artifact_bucket: aws_s3.Bucket) -> None: role_arns = set() for role_arn in pipeline_def.get("artifact_access", {}).get("role_arns", []): role_arns.add(role_arn) for stage_def in pipeline_def["stages"]: for action_def in stage_def["actions"]: if "role_arn" in action_def: account = core.Arn.parse(action_def["role_arn"]).account if account != core.Stack.of(scope).account: role_arns.add(action_def["role_arn"]) for role_arn in role_arns: artifact_bucket.add_to_resource_policy( aws_iam.PolicyStatement( actions=["s3:Get*"], resources=[artifact_bucket.arn_for_objects("*")], effect=aws_iam.Effect.ALLOW, principals=[aws_iam.ArnPrincipal(role_arn)], ))