Attaching a json policy to a s3 bucket with CDK and typescript

Question

I have a policy statement which I can add to my bucket:

const statement = new PolicyStatement({
    effect: Effect.ALLOW,
    principals: '*',
    actions: ["s3:GetObject"],
    resources: [`${bucket.bucketArn}/*`],
});

mybucket.addToResourcePolicy(statement);

However, I have a policy document which contains multiple statements:

 const policy = new PolicyDocument({
      statements: [// many statements ]
})

How can I attached this to my bucket?

Add multiple policy statements by calling `mybucket.addToResourcePolicy(...)` repeatedly? — jarmod, May 09 '23 at 11:12
That is what I am trying to avoid, not the worst solution in the world, though. Will probably end up doing this. — TommyD, May 09 '23 at 14:10

score 1 · Accepted Answer · answered May 09 '23 at 13:52

1

You could pass the policy document to a CfnBucketPolicy construct:

const cfnBucketPolicy = new s3.CfnBucketPolicy(this, 'MyCfnBucketPolicy', {
  bucket: bucket.bucketName,
  policyDocument: policy
});

Or apply each statement individually with addToResourcePolicy, as @jarmod suggets in the comments:

declare const myStatements: iam.PolicyStatement[];
myStatements.forEach(bucket.addToResourcePolicy)

answered May 09 '23 at 13:52

fedonev

20,327
2
25
34

good solution but does not really cut down on much code. Will probably just add them individually. – TommyD May 09 '23 at 14:12

Attaching a json policy to a s3 bucket with CDK and typescript

1 Answers1