[英]How to get the ARN of an SSM Document in CloudFormation?
I have a CloudFormation template that creates an AWS::Events::Rule
and an AWS::SSM::Document
.我有一个 CloudFormation 模板,它创建了一个AWS::Events::Rule
和一个AWS::SSM::Document
。 I need to provide a list of Targets
for the SSM::Rule
, but each target expects an ARN
:我需要为SSM::Rule
提供Targets
列表,但每个目标都需要一个ARN
:
mySSMDocument:
Type: AWS::SSM::Document
Properties:
DocumentType: 'Command'
Content:
schemaVersion: '2.2'
description: "Code that will be run on EC2"
mainSteps:
- action: "aws:runShellScript"
name: runShellScript
inputs:
runCommand:
- 'Some command to execute'
myEventRule:
Type: AWS::Events::Rule
Properties:
Description: "A description for the Rule."
EventPattern:
source:
- "aws.autoscaling"
detail-type:
- "EC2 Instance-terminate Lifecycle Action"
detail:
AutoScalingGroupName:
- !Ref 'someAutoScalingGroupInThisTemplate'
RoleArn: 'some role ARN'
State: "ENABLED"
Targets:
- Id: "some-unique-id"
Arn: <-- This is the value that I need to fill in.
RunCommandParameters:
RunCommandTargets:
- Key: "tag: Name"
Values:
- 'The name of the EC2 machine'
I think that I need to replace the <-- This is the value that I need to fill in.
with the ARN
of mySSMDocument
, but I don't see any way to retrieve this value from within the template itself.我认为我需要用mySSMDocument
的ARN
替换<-- This is the value that I need to fill in.
,但我没有看到任何方法可以从模板本身中检索此值。 The documentation does not specify any GetAtt
functionality on SSM::Document
that allows to get the ARN
. 该文档没有在SSM::Document
上指定任何允许获取ARN
GetAtt
功能。 Anyone know how to solve this issue?有谁知道如何解决这个问题?
This is ARN pattern of Document这是文档的 ARN 模式
arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName} arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}
example:例子:
arn:aws:ssm:us-east-2:12345678912:document/demoooo arn:aws:ssm:us-east-2:12345678912:document/demooo
You can use Ref
function to get name of document, then Sub
to create final ARN您可以使用Ref
函数获取文档名称,然后使用Sub
创建最终的 ARN
refer: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html#awssystemsmanager-resources-for-iam-policies参考: https : //docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html#awssystemsmanager-resources-for-iam-policies
!Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:document/${mySSMDocument}
您可以产生的ARN格式AWS::SSM::Document
使用的返回值的AWS::SSM::Document
,该伪参数分区,区域和ACCOUNTID和Sub
内在功能
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.