Cloudformation 模板错误:每个 Fn::GetAtt object 需要两个非空参数
[英]Cloudformation Template error: every Fn::GetAtt object requires two non-empty parameters
问题描述
I have made a nested cloudformation stack that in this case references a Lambda child stack.
我制作了一个嵌套的 cloudformation 堆栈,在这种情况下引用了 Lambda 子堆栈。 Because I have multiple LambdaFunctions, I designed the LambdaFunction resource in the Lambda child template such that it can repeat the same actions across all the Lambda Functions specified in the Parent template.因为我有多个 LambdaFunction,所以我在 Lambda 子模板中设计了 LambdaFunction 资源,以便它可以在父模板中指定的所有 Lambda 函数中重复相同的操作。
However, I get the following error once I execute create-stack : Template error: every Fn::GetAtt object requires two non-empty parameters, the resource name and the resource attribute , which is pointing to the Lambda Child template.但是,执行create-stack后出现以下错误: Template error: every Fn::GetAtt object requires two non-empty parameters, the resource name and the resource attribute ,它们指向 Lambda 子模板。
I tried adding a DependsOn clause in which I listed all the LambdaExecutionRoles, since the LambdaFunction references those, but that didn't appear to resolve the issue.我尝试添加一个 DependsOn 子句,其中列出了所有 LambdaExecutionRoles,因为 LambdaFunction 引用了这些,但这似乎并没有解决问题。 So something is either going wrong with taking in the LambdaName parameter or grabbing the Arn.因此,要么接收 LambdaName 参数,要么获取 Arn 出现问题。 Any thoughts?有什么想法吗?
Portion of Parent template :父模板的一部分:
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
AlignmentLambdaFuncS3BucketName:
Type: String
AlignmentLambdaFuncS3KeyName:
Type: String
AlignmentLambdaFuncModuleName:
Type: String
HaploLambdaFuncS3BucketName:
Type: String
HaploLambdaFuncS3KeyName:
Type: String
HaploLambdaFuncModuleName:
Type: String
Resources:
AlignmentLambdaFunction:
Type: "AWS::CloudFormation::Stack"
Properties:
Parameters:
LambdaName: Alignment
BucketName: LambdaFuncS3BucketName
S3KeyName: LambdaFuncS3KeyName
ModuleName: LambdaFuncModuleName
TemplateURL: https://s3.amazonaws.com/CFNTemplate/lambda_resources.stack.yaml
TimeoutInMinutes: 1
HaploLambdaFunction:
Type: "AWS::CloudFormation::Stack"
Properties:
Parameters:
LambdaName: Haplo
BucketName: LambdaFuncS3BucketName
S3KeyName: LambdaFuncS3KeyName
ModuleName: LambdaFuncModuleName
TemplateURL: https://s3.amazonaws.com/CFNTemplate/lambda_resources.stack.yaml
TimeoutInMinutes: 1
Portion of Lambda child template : Lambda 子模板的一部分:
AWSTemplateFormatVersion: '2010-09-09'
Description: lambda function and execution role stack.
Parameters:
LambdaName:
Type: String
BucketName:
Type: String
S3KeyName:
Type: String
ModuleName:
Type: String
KMSAdminUserARN:
Type: String
KMSEndUserARN:
Type: String
Resources:
LambdaFunction:
Type: "AWS::Lambda::Function"
Properties:
Handler: !Sub '${LambdaName}-{ModuleName}.handler'
Role:
Fn::GetAtt: [ !Sub '${LambdaName}LambdaExecutionRole', Arn ]
Code:
S3Bucket: !Sub '${LambdaName}{BucketName}'
S3Key: !Sub '${LambdaName}{S3KeyName}'
Runtime: "python3.6"
AlignmentLambdaExecutionRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: "sts:AssumeRole"
Policies:
- PolicyName: CanListBuckets
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "s3:GetBucketLocation"
- "s3:ListAllMyBuckets"
Resource: "arn:aws:s3:::*"
- PolicyName: CanCallBatch
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "batch:*"
Resource: "*"
- PolicyName: CanLog
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:*
Resource: arn:aws:logs:*:*:*
HaploLambdaExecutionRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: "sts:AssumeRole"
Policies:
- PolicyName: CanListBuckets
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "s3:GetBucketLocation"
- "s3:ListAllMyBuckets"
Resource: "arn:aws:s3:::*"
- PolicyName: CanCallBatch
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "batch:*"
Resource: "*"
- PolicyName: CanLog
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:*
Resource: arn:aws:logs:*:*:*
2 个解决方案
解决方案1
1 2018-03-09 21:39:49
Unfortunately, you can't use any functions (for example, Sub ) inside Fn::GetAtt 's logical resource name: 不幸的是,您不能在Fn::GetAtt的逻辑资源名称内使用任何函数(例如Sub ):
For the Fn::GetAtt logical resource name, you cannot use functions.
Source: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html 来源: https : //docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html
解决方案2
0 2022-09-16 02:46:16
+1 to divinedragon's solution. +1 神龙的解决方案。 You should be able to abstract away the *ExecutionRole resources into a separate file, have that file output each resources arn, and then pick that up directly in the lambda template.您应该能够将 *ExecutionRole 资源抽象到一个单独的文件中,将该文件 output 每个资源 arn,然后直接在 lambda 模板中提取。 Some pseudo code that has worked for me in the past (I use exports here, but you can just pass by parameter if you can't):过去对我有用的一些伪代码(我在这里使用导出,但如果不能,你可以通过参数传递):
ExecutionRoleTempate.yml: ExecutionRoleTempate.yml:
Resources:
ExecutionRole1:
Type: "AWS::IAM::Role"
...
ExecutionRole2:
Type: "AWS::IAM::Role"
...
Output:
ERArn1:
Value: Fn::GetAtt ExecutionRole1.arn
Export:
Name: ERArn1
ERArn2:
Value: Fn::GetAtt ExecutionRole2.arn
Export:
Name: ERArn2
lambda_resources.stack.yaml: lambda_resources.stack.yaml:
Resources:
LambdaFunction:
...
Role: Fn::ImportValue !Sub ....
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.