堆栈内存溢出
  简体   繁体   English

如何在 CloudFormation 中获取 SSM 文档的 ARN?

[英]How to get the ARN of an SSM Document in CloudFormation?

 原文  2019-12-16 08:22:15       amazon-web-services/ amazon-cloudformation/ ssm

问题描述

I have a CloudFormation template that creates an AWS::Events::Rule and an AWS::SSM::Document .我有一个 CloudFormation 模板,它创建了一个AWS::Events::Rule和一个AWS::SSM::Document I need to provide a list of Targets for the SSM::Rule , but each target expects an ARN :我需要为SSM::Rule提供Targets列表,但每个目标都需要一个ARN

mySSMDocument:
  Type: AWS::SSM::Document
  Properties:
    DocumentType: 'Command'
    Content:
      schemaVersion: '2.2'
      description: "Code that will be run on EC2"
      mainSteps:
        - action: "aws:runShellScript"
          name: runShellScript
          inputs:
            runCommand:
              - 'Some command to execute'
myEventRule:
  Type: AWS::Events::Rule
  Properties:
    Description: "A description for the Rule."
    EventPattern: 
      source:
        - "aws.autoscaling"
      detail-type:
        - "EC2 Instance-terminate Lifecycle Action"
      detail:
        AutoScalingGroupName:
          - !Ref 'someAutoScalingGroupInThisTemplate'
    RoleArn: 'some role ARN'
    State: "ENABLED"
    Targets:
      - Id: "some-unique-id"
        Arn: <-- This is the value that I need to fill in.
        RunCommandParameters:
          RunCommandTargets:
            - Key: "tag: Name"
              Values:
                - 'The name of the EC2 machine'

I think that I need to replace the <-- This is the value that I need to fill in. with the ARN of mySSMDocument , but I don't see any way to retrieve this value from within the template itself.我认为我需要用mySSMDocumentARN替换<-- This is the value that I need to fill in. ,但我没有看到任何方法可以从模板本身中检索此值。 The documentation does not specify any GetAtt functionality on SSM::Document that allows to get the ARN . 该文档没有在SSM::Document上指定任何允许获取ARN GetAtt功能。 Anyone know how to solve this issue?有谁知道如何解决这个问题?

2 个解决方案

解决方案1
 5 已采纳  2019-12-16 08:54:55

This is ARN pattern of Document这是文档的 ARN 模式

arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName} arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}

example:例子:

arn:aws:ssm:us-east-2:12345678912:document/demoooo arn:aws:ssm:us-east-2:12345678912:document/demooo

You can use Ref function to get name of document, then Sub to create final ARN您可以使用Ref函数获取文档名称,然后使用Sub创建最终的 ARN

refer: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html#awssystemsmanager-resources-for-iam-policies参考: https : //docs.aws.amazon.com/IAM/latest/UserGuide/list_awssystemsmanager.html#awssystemsmanager-resources-for-iam-policies

解决方案2
 5  2019-12-16 18:38:04

!Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:document/${mySSMDocument}

您可以产生的ARN格式AWS::SSM::Document使用的返回值的AWS::SSM::Document ,该伪参数分区,区域和ACCOUNTIDSub内在功能

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 CloudFormation 从别名获取 AWS SSM 密钥 Arn? - How to get an AWS SSM Key Arn from an Alias using CloudFormation? 如何在 cloudformation 策略文档中引用资源 ARN? (山药) - How to reference a resource ARN in a cloudformation policy document ? (yaml) 如何使用 CloudFormation 创建具有 DocumentType 包的“AWS::SSM::Document” - How to create an 'AWS::SSM::Document' with DocumentType of Package using CloudFormation AWS CloudFormation:如何获取 DynamoDB GlobalTable 副本的 stream ARN? - AWS CloudFormation: How to get stream ARN of DynamoDB GlobalTable replica? 使用 cloudformation 部署时如何获取 AWS Api 网关的 arn - How to get arn of AWS Api gateway when deploying with cloudformation 如何获取新创建的 aws_cloudformation_stack 的 arn terraform - How to get the arn of a newly created aws_cloudformation_stack terraform AWS Cloudformation SSM 自动化文档 | 与 aws cloudformation package 一起使用 - AWS Cloudformation SSM automation document | use with aws cloudformation package 如何在 cloudformation 中引用 AWS 托管策略 arn? - How to reference AWS managed policy arn in cloudformation? 如何在CloudFormation中生成AWS根账户ARN? - How to generate the AWS root account ARN in CloudFormation? 如何获取 CloudFormation 生成的 lambda 的日志组名称和 ARN? - How do I get the log group name and ARN of a lambda generated by CloudFormation?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM