(aws-s3): "s3: PutBucketPolicy" is added when autoDeleteObjects=True, in CDK Version 2.100 #29873

@khushail

Describe the bug

SIM Ticket - V1347352006

This PR added "s3:PutBucketPolicy" when autoDeleteObjects is set to True in CDK Version 2.100

Expected Behavior

The policy should not be added by default.

Current Behavior

Creating a bucket with "autoDeleteObjects: true" automatically added "s3:PutBucketPolicy".

Reproduction Steps

  1. Run below code with CDK 2.99
    const bucket100 = new s3.Bucket(this, 'Bucket100', {
      versioned: true,
      removalPolicy: cdk.RemovalPolicy.DESTROY,
      autoDeleteObjects: true
    });

This policy generated -

   "Bucket": {
    "Ref": "Bucket9970D96479"
   },
   "PolicyDocument": {
    "Statement": [
     {
      "Action": [
       "s3:DeleteObject*",
       "s3:GetBucket*",
       "s3:List*"
      ],
      "Effect": "Allow",
      "Principal": {
       "AWS": {
        "Fn::GetAtt": [
         "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
         "Arn"
        ]
       }
      },
  1. npm uninstall -g aws-cdk
  2. npm cache clean --force
  3. npm install -g aws-cdk@2.100
  4. Run above code and do 'cdk synth'
  5. Policy generated -
    "Bucket": {
     "Ref": "Bucket1000EAAE573"
    },
    "PolicyDocument": {
     "Statement": [
      {
       "Action": [
        "s3:DeleteObject*",
        "s3:GetBucket*",
        "s3:List*",
        "s3:PutBucketPolicy"
       ],
       "Effect": "Allow",
       "Principal": {
        "AWS": {
         "Fn::GetAtt": [
          "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
          "Arn"
         ]
        }

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.100

Framework Version

No response

Node.js Version

na

OS

mac

Language

TypeScript

Language Version

No response

Other information

No response

Labels

@aws-cdk/aws-s3: Related to Amazon S3
bug: This issue is a bug.
effort/small: Small work item – less than a day of effort
p1
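
A check that can be run over `cdk synth` output to catch the change reported above before deployment, as an added example that is not part of the original issue or of the CDK code base: it lists bucket-policy statements that allow `s3:PutBucketPolicy`, directly or through a wildcard, to the auto-delete provider role. The `Bucket100Policy` logical ID and the resource wrapper in the sample are constructed, and matching the role by its logical-ID prefix is an assumption based on the ID shown in the issue.

```typescript
type Json = { [key: string]: unknown };
interface Finding { policyId: string; actions: string[]; roleId: string; }
// Assumption: the provider role is recognised by the logical-ID prefix seen in the issue.
const ROLE_PREFIX = "CustomS3AutoDeleteObjectsCustomResourceProviderRole";

// IAM action patterns are case-insensitive and support * and ? wildcards.
function actionCovers(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${source}$`, "i").test(action);
}

// Logical ID of the provider role a principal refers to via Fn::GetAtt, if any.
function providerRole(principal: unknown): string | undefined {
  const aws = (principal as Json | undefined)?.AWS;
  const getAtt = (aws as Json | undefined)?.["Fn::GetAtt"];
  const id: unknown = Array.isArray(getAtt) ? getAtt[0] : undefined;
  return typeof id === "string" && id.indexOf(ROLE_PREFIX) === 0 ? id : undefined;
}

// Walk every AWS::S3::BucketPolicy and report Allow statements that hand
// s3:PutBucketPolicy to the auto-delete provider role.
function findPutBucketPolicyGrants(template: Json): Finding[] {
  const findings: Finding[] = [];
  const resources = (template.Resources ?? {}) as { [id: string]: Json };
  for (const policyId of Object.keys(resources)) {
    const res = resources[policyId];
    if (res.Type !== "AWS::S3::BucketPolicy") continue;
    const raw = ((res.Properties as Json | undefined)?.PolicyDocument as Json | undefined)?.Statement;
    const statements = (Array.isArray(raw) ? raw : raw ? [raw] : []) as Json[];
    for (const st of statements) {
      const roleId = providerRole(st.Principal);
      if (st.Effect !== "Allow" || !roleId) continue;
      const listed: unknown[] = Array.isArray(st.Action) ? st.Action : [st.Action];
      const actions = listed.filter(
        (a): a is string => typeof a === "string" && actionCovers(a, "s3:PutBucketPolicy"));
      if (actions.length > 0) findings.push({ policyId, actions, roleId });
    }
  }
  return findings;
}

// Constructed sample: the 2.100 statement from the issue inside a made-up resource wrapper.
const sampleTemplate: Json = { Resources: { Bucket100Policy: {
  Type: "AWS::S3::BucketPolicy",
  Properties: { Bucket: { Ref: "Bucket1000EAAE573" }, PolicyDocument: { Statement: [{
    Action: ["s3:DeleteObject*", "s3:GetBucket*", "s3:List*", "s3:PutBucketPolicy"], Effect: "Allow",
    Principal: { AWS: { "Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn"] } },
  }] } } } } };
console.log(findPutBucketPolicyGrants(sampleTemplate));
```

The same function returns an empty list for the statement synthesized with CDK 2.99, so it can gate a CI step that diffs templates across CDK upgrades.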
