[英]CloudFormation: Block deleting resources
從這個問題衍生出來的。 嘗試在更改期間使cloudformation模板安全。
有沒有一種方法實際上阻止刪除角色和表? 添加政策幫助嗎?
給出以下模板摘錄:
{
...
"Parameters" : {
"ShouldCreateTable" : {
...
"Description" : "If true then the underlying DynamoDB table will be created with the CloudFormation stack."
},
...
},
"Conditions" : {
"CreateDynamoTable" : {"Fn::Equals" : [{"Ref" : "ShouldCreateTable"}, "true"]},
...
},
"Resources" : {
"Get" : {
"Type" : "AWS::Serverless::Function",
"Properties": {
...
"Role": {"Fn::If" : ["CreateRole", {"Fn::GetAtt":["LambdaRole", "Arn"]}, {"Ref":"RoleARN"}]},
"Environment" : {
"Variables" : {
"AppDynamoTable" : { "Fn::If" : ["CreateDynamoTable", {"Ref":"DynamoTable"}, { "Ref" : "TableName" } ] }
}
},
...
}
},
"LambdaRole":{
"Type":"AWS::IAM::Role",
...
},
"DynamoTable" : {
"Type" : "AWS::DynamoDB::Table",
...
}
},
}
解決方案可能是使用DeletionPolicy Attribute 。 您可以輕松地在要“阻止”刪除的資源中添加"DeletionPolicy" : "Retain" 。
刪除堆棧時,AWS CloudFormation保留資源而不刪除資源或其內容。 您可以將此刪除策略添加到任何資源類型。
在給定的示例中,這看起來像這樣:
"LambdaRole":{
"Type":"AWS::IAM::Role",
"DeletionPolicy" : "Retain",
...
},
"DynamoTable" : {
"Type" : "AWS::DynamoDB::Table",
"DeletionPolicy" : "Retain",
...
}
Cloudformation 模板更新而不刪除現有堆棧和資源?
[英]Cloudformation template update without deleting the existing stack and resources?
CloudFormation S3 Bucket/BucketPolicy 創建 - 模板的 Resources 塊中未解析的資源依賴關系 [Environment]
[英]CloudFormation S3 Bucket/BucketPolicy creation - Unresolved resource dependencies [Environment] in the Resources block of the template
AWS CloudFormation 模板格式錯誤:未解決的資源依賴項<s3 bucket>在模板的資源塊中
[英]AWS CloudFormation Template format error: Unresolved resource dependencies <s3 bucket> in the Resources block of the template
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.