How to pass public key from parameter file in cloudformation template?

I have defined the following CloudFormation template, where I want to pass a public key from a parameter file. The 'MyPublicKey' variable is of string type. I refer to this variable by using

EncodedKey !Ref MyPublicKey

under PublicKeyConfig as seen below.

AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  MyPublicKey:
    Type: String
    Description: 'Public key for some purpose'
    NoEcho: true

Resources:
  CloudfrontPublicKey:
    Type: AWS::CloudFront::PublicKey
    Properties:
      PublicKeyConfig:
        CallerReference: 'some-caller-reference'
        Comment: 'Public key for signed url'
        Name: 'cloudfront-public-key'
        EncodedKey: !Ref MyPublicKey

  ...

The parameter.json file looks something like this. The public key was multi-line in the original .pem file, but I have added the newline character '\n' in the string wherever there is a line break.

[
  {
    "ParameterKey": "MyPublicKey",
    "ParameterValue": "-----BEGIN PUBLIC KEY-----\naaaa\nbbbb\n-----END PUBLIC KEY-----"
  }
]

When trying to update the stack, I get the following error:

Invalid request provided: AWS::CloudFront::PublicKey

It does not seem to be able to import the public key.

Based on the comments, an extra \n char was needed when passing the value, and Ref should be replaced with the Sub function for placing the string.

  Resources:
    CloudfrontPublicKey:
      Type: AWS::CloudFront::PublicKey
      Properties:
        PublicKeyConfig:
          CallerReference: 'some-caller-reference'
          Comment: 'Public key for signed url'
          Name: 'cloudfront-public-key'
          EncodedKey: !Sub "${MyPublicKey}"

Below is the inline key example:

Generate keys:

openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

CloudFormation template:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  CloudfrontPublicKey:
    Type: AWS::CloudFront::PublicKey
    Properties:
      PublicKeyConfig:
        CallerReference: 'some-caller-reference'
        Comment: 'Public key for signed url'
        Name: 'cloudfront-public-key'
        EncodedKey: |
          -----BEGIN PUBLIC KEY-----
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN
          lKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT
          sZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh
          MNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON
          8BjcNloJE3NbLYshQPconb8pA+3jjkMF0QAH6rtc452G7CuS3KBfVQwWUeWE77kK
          wQQir6YFvKP3pG8Ls55FxXBTCCNJl5LZcHt1D0cZmuoSLJj2mVzJgKGyLTdoIwAW
          6QIDAQAB
          -----END PUBLIC KEY-----

Listing keys:

aws cloudfront list-public-keys | jq '.PublicKeyList.Items[1]'

Output:

{
  "Id": "08ZCTRKADSADASDAS",
  "Name": "cloudfront-public-key",
  "CreatedTime": "2021-02-27T10:25:43.076Z",
  "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN\nlKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT\nsZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh\nMNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON\n8BjcNloJE3NbLYscZmuoSLJj2mVzJgKGyLTdoIwAW\n6QIDAQAB\n-----END PUBLIC KEY-----\n",
  "Comment": "Public key for signed url"
}

Public key creation in AWS cloudformation giving following error: Invalid request provided: AWS::CloudFront::PublicKey already answered.
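Added example, not part of the original question or answer: a Python script that builds the parameter.json content from a PEM file, so that the value has LF line endings and ends with the extra \n the answer describes, and that refuses input containing a private key. The function names are hypothetical, the parameter name MyPublicKey is taken from the template above, and the sample key body is constructed placeholder data.

```python
import base64
import json
import re

# Assumption: the parameter is named MyPublicKey, as in the template above.
PARAM_NAME = "MyPublicKey"
PEM_RE = re.compile(
    r"\A-----BEGIN PUBLIC KEY-----\n(?P<body>[A-Za-z0-9+/=\n]+)\n-----END PUBLIC KEY-----\n\Z"
)


def normalize_public_pem(pem_text: str) -> str:
    """Return the PEM with LF line endings and exactly one trailing newline."""
    if "PRIVATE KEY" in pem_text:
        # A parameter file is plain text and often ends up in version control.
        raise ValueError("refusing to write a private key to a parameter file")
    text = pem_text.replace("\r\n", "\n").replace("\r", "\n").strip() + "\n"
    match = PEM_RE.match(text)
    if match is None:
        raise ValueError("input is not a single PUBLIC KEY PEM block")
    # The body must be valid base64, otherwise the copy was truncated or altered.
    base64.b64decode(match.group("body").replace("\n", ""), validate=True)
    return text


def build_parameter_file(pem_text: str) -> str:
    """Build the JSON parameter file; json.dumps writes each newline as \\n."""
    value = normalize_public_pem(pem_text)
    return json.dumps([{"ParameterKey": PARAM_NAME, "ParameterValue": value}], indent=2)


# Constructed sample: the body is base64 of placeholder bytes, not a real key.
SAMPLE_BODY = base64.b64encode(bytes(range(90))).decode()
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\r\n"
    + SAMPLE_BODY[:64] + "\r\n" + SAMPLE_BODY[64:] + "\r\n"
    + "-----END PUBLIC KEY-----"  # no trailing newline, as in the question
)

if __name__ == "__main__":
    print(build_parameter_file(SAMPLE_PEM))
```

To use it on a real key, pass the text of public_key.pem to build_parameter_file and write the returned string to parameter.json.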
