带有 Cloudformation 模板的 ObjectLock 是否可能尚未实现,或者此模板中是否存在错误?
我尝试应用以下堆栈:
---
Resources:
TestBucketBucketProd:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: testbucket-prod
VersioningConfiguration:
Status: Enabled
AccessControl: Private
Tags:
- Key: org
Value: prod
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
ObjectLockConfiguration:
ObjectLockEnabled: true
Rule:
DefaultRetention:
Mode: GOVERNANCE
Days: 2
Outputs:
TestBucketBucketName:
Value: !Ref TestBucketBucketProd
Description: The name of the TestBucket S3 bucket.
应用堆栈导致创建失败: 无法在现有存储桶上启用对象锁定配置(服务:Amazon S3;状态代码:409;错误代码:InvalidBucketState;请求 ID:0AF2GTWV4W9P4X1C;S3
应用堆栈之前该存储桶不存在。 有什么想法吗?
最佳答案
在 AWS 支持人员的帮助下,我找到了解决方案。
我会写在这里,因为我认为,它很直观。
您需要两次移交“ObjectLockEnabled”。
ObjectLockEnabled: true
ObjectLockConfiguration:
ObjectLockEnabled: "Enabled"
Rule:
DefaultRetention:
Mode: "GOVERNANCE"
Days: 2
ChatGPT 帮助我找到了 CLI 的解决方案:
aws s3api create-bucket --bucket zentrada-dev-testbucket \
--region eu-central-1 \
--create-bucket-configuration \
LocationConstraint=eu-central-1 --object-lock-enabled-for-bucket
aws s3api put-object-lock-configuration \
--bucket zentrada--dev-testbucket --object-lock-configuration \
'{"ObjectLockEnabled":"Enabled","Rule":{"DefaultRetention":{"Mode":"GOVERNANCE","Days":1}}}'
关于amazon-s3 - 已解决 : S3 Object Lock with Cloudformation,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76193501/