我在通过 Cloudformation 实现 CloudTrail 时遇到了问题,当我尝试启动模型时,由于抛出了存储桶错误,检测到了不正确的 S3 存储桶策略。
这是 BucketPolicy 的配置:
"LogBucketPolicy": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "LogBucket"
},
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "LogBucket"
}
]
]
}
},
{
"Sid": "AWSCloudTrailWrite",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:s3:::",
{
"Ref": "LogBucket"
},
"/AWSLogs/139339407673/*"
]
] …我正在尝试为Azure和AWS实施几种安全服务,而我现在正努力在Azure服务池中找到与某些AWS服务等效的服务(因为该信息在Azure文档中不存在)。有什么等同于:
在此先感谢您的帮助!
(重要提示:这并不旨在评估提供商与另一提供商,而仅仅是为了帮助理解服务如何从一个提供商转换到另一个提供商)