我需要将一些元数据添加到 Cloudformation 中以获取 IAM 策略。我怎样才能用 CDK 做到这一点?
我正在使用 CDK 合成 cloudformation,并且需要包含元数据来抑制 cfn-nag ( https://github.com/stelligent/cfn_nag ) 警告。
我使用以下语句进行了策略生成:
const cfnCustomPolicy = new iam.CfnPolicy(scope,
'cfnCustomPolicy',
{
policyName: "CustomPolicy",
policyDocument: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: "apigateway:GET",
Resource: [
"arn:aws:apigateway:us-east-1::/restapis/*/stages/*/exports/*"
]
}
]
}
}
);
cfnCustomPolicy.cfnOptions.metadata = {
cfn_nag: {
rules_to_suppress: [
{
id: "W12",
reason: "The lambda need access to export documents from any API"
}
]
}
}
有没有更好的方法使用 CDK 来做到这一点,而不使用 L1 接口?