我们应该如何使用 Cloud Formation 模板更新 S3 存储桶上的默认加密?
[英]How should we Update default encryption on S3 buckets using Cloud Formation Template?
问题描述
we have pre-existing Cloudformation Stack which created few ec2 Instances and couple of s3 buckets with its policies stuff.
我们有预先存在的 Cloudformation Stack,它创建了几个 ec2 实例和几个带有策略内容的 s3 存储桶。 But the default encryption was not set.但未设置默认加密。
All i was trying do is to up update the existing stack to set Default Encryption to AES-256 using below code.我试图做的就是使用以下代码更新现有堆栈以将默认加密设置为AES-256 。 But it is failing stating "test-encryption-sbox4 already exists in stack".但它没有说明“test-encryption-sbox4 已经存在于堆栈中”。 Im not trying to create s3 but just trying update existing buckets policy.我不是在尝试创建 s3,而是在尝试更新现有的存储桶策略。
Is it valid to update the S3 encryption via stack after it got created ?创建后通过堆栈更新 S3 加密是否有效? or do we need to take care of it which its creation time ?还是我们需要照顾它的创建时间? Can anyone please suggest how to updates existing bucket policy via CF.任何人都可以建议如何通过 CF 更新现有的存储桶策略。
Code which i used.我使用的代码。 How do you set SSE-S3 or SSE-KMS encryption on S3 buckets using Cloud Formation Template? 如何使用 Cloud Formation 模板在 S3 存储桶上设置 SSE-S3 或 SSE-KMS 加密?
1 个解决方案
解决方案1
0 已采纳 2020-09-22 22:53:34
You are getting this error because your bucket is not under control of CFN.您收到此错误是因为您的存储桶不受 CFN 的控制。 Thus, CFN tries to re-create this bucket.因此,CFN 尝试重新创建此存储桶。
If the bucket has been created outside of CFN, eg manually in console, then you have to import it into CloudFormation stack first.如果桶已经创建CFN以外,如手动控制台,那么你必须导入它首先进入CloudFormation堆栈。 Only, after that you can updated it from CFN.只有在此之后,您才能从 CFN 更新它。
Without that, CFN will try to create the same bucket, which obviously results in your error.否则,CFN 将尝试创建相同的存储桶,这显然会导致您的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.