英文:
SOLVED: S3 Object Lock with Cloudformation
问题
ObjectLock在CloudFormation模板中可能尚未实现,或者模板中存在错误。
我尝试应用以下堆栈:
应用堆栈导致创建失败:
无法在现有存储桶上启用Object Lock配置(服务:Amazon S3;状态码:409;错误代码:InvalidBucketState;请求ID:0AF2GTWV4W9P4X1C;S3
在应用堆栈之前该存储桶不存在。
有任何想法吗?
英文:
Is ObjectLock with Cloudformation Templates possibly still not implemented or is there an error in this template?
I tried to apply the following stack:
---
Resources:
TestBucketBucketProd:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: testbucket-prod
VersioningConfiguration:
Status: Enabled
AccessControl: Private
Tags:
- Key: org
Value: prod
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
ObjectLockConfiguration:
ObjectLockEnabled: true
Rule:
DefaultRetention:
Mode: GOVERNANCE
Days: 2
Outputs:
TestBucketBucketName:
Value: !Ref TestBucketBucketProd
Description: The name of the TestBucket S3 bucket.
Applying the stack leads to a failure in creation:
Object Lock configuration cannot be enabled on existing buckets (Service: Amazon S3; Status Code: 409; Error Code: InvalidBucketState; Request ID: 0AF2GTWV4W9P4X1C; S3
The bucket did not exist before applying the stack.
Any ideas?
答案1
得分: 1
通过AWS支持的帮助,我得到了解决方案。
我会在这里写出来,因为我认为这并不是很直观。
您需要两次提及"ObjectLockEnabled"。
ObjectLockEnabled: true
ObjectLockConfiguration:
ObjectLockEnabled: "Enabled"
Rule:
DefaultRetention:
Mode: "GOVERNANCE"
Days: 2
ChatGPT帮助我解决了CLI的问题:
aws s3api create-bucket --bucket zentrada-dev-testbucket \
--region eu-central-1 \
--create-bucket-configuration \
LocationConstraint=eu-central-1 --object-lock-enabled-for-bucket
aws s3api put-object-lock-configuration \
--bucket zentrada--dev-testbucket --object-lock-configuration \
'{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"GOVERNANCE","Days":1}}}'
英文:
With help from AWS support, I got the solution.<BR/>
I'll write it here, because I don't think, it is quite intuitive.<BR/>
You need to hand over "ObjectLockEnabled" twice.<BR/>
<pre>
ObjectLockEnabled: true
ObjectLockConfiguration:
ObjectLockEnabled: "Enabled"
Rule:
DefaultRetention:
Mode: "GOVERNANCE"
Days: 2
</pre>
ChatGPT helped me with a solution for the CLI:
<pre>
aws s3api create-bucket --bucket zentrada-dev-testbucket \
--region eu-central-1 \
--create-bucket-configuration \
LocationConstraint=eu-central-1 --object-lock-enabled-for-bucket
aws s3api put-object-lock-configuration \
--bucket zentrada--dev-testbucket --object-lock-configuration \
'{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"GOVERNANCE","Days":1}}}'
</pre>
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论