
AWS CloudFormation combination of CommaDelimitedList, Fn::If and Fn::Select

I am trying to create a cfn stack. The template takes one or two values as input in the Parameters section. If I pass two values and read them from the same parameter in the Resources section, it works fine. But if I pass only one, it breaks.

Use case: I want to pass two values through a parameter and read them in an IAM policy. If the user passes only one value, {"Ref" : "AWS::NoValue"} should be used instead. But I keep getting

Template error: Fn::Select cannot select nonexistent value at index 1

Here is the template:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Template creates a IAMUser and attach a ListALLBuckets/ReadOnly Access Policy to it.",
    "Parameters": {
        "UserName": {
            "Type": "String",
            "Description": "Enter User Name"
        },
        "S3Bucket": {
            "Type": "CommaDelimitedList",
            "Description": "Select Bucket Name to Associate with the policy",
            "Default": ""
        }
    },
    "Conditions": {
        "CreateSomeResource": {
            "Fn::Not": [{
                "Fn::Equals": [{
                        "Fn::Join": [
                            "",
                            {
                                "Ref": "S3Bucket"
                            }
                        ]
                    },
                    ""
                ]
            }]
        }
    },
    "Resources": {
        "SomeUserName": {
            "Type": "AWS::IAM::User",
            "Properties": {
                "UserName":  {  "Ref": "UserName"}
            }
        },
        "SomeUserPolicy": {
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "Groups": [],
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                            "Sid": "ListAllBuckets",
                            "Effect": "Allow",
                            "Action": [
                                "s3:ListAllMyBuckets"
                            ],
                            "Resource": "*"
                        }, {
                            "Sid": "ReadOnlyAccess",
                            "Effect": "Allow",
                            "Action": [
                                "s3:GetBucketPolicyStatus",
                                "s3:GetBucketTagging",
                                "s3:GetBucketLocation",
                                "s3:GetBucketPolicy",
                                "s3:GetObject"
                            ],
                            "Resource": [

                                {
                                    "Fn::If": [
                                        "CreateSomeResource",
                                        {
                                            "Fn::Join": ["", ["arn:aws:s3:::",
                                                {
                                                    "Fn::Select": ["0",
                                                        {
                                                            "Ref": "S3Bucket"
                                                        }
                                                    ]
                                                }
                                            ]]
                                        },
                                        {"Ref" : "AWS::NoValue"}
                                    ]
                                },

                                {
                                    "Fn::If": [
                                        "CreateSomeResource",
                                        {
                                            "Fn::Join": ["", ["arn:aws:s3:::",
                                                {
                                                    "Fn::Select": ["1",
                                                        {
                                                            "Ref": "S3Bucket"
                                                        }
                                                    ]
                                                }
                                            ]]
                                        },
                                        {"Ref" : "AWS::NoValue"}
                                    ]
                                }
                            ]
                        }

                    ]
                },
                "PolicyName": "ReadOnly",

                "Users": [{
                    "Ref": "SomeUserName"
                }]
            }
        }
    },
    "Outputs": {
        "UserName": {
            "Description": "Name of the Created User",
            "Value": {
                "Ref": "UserName"
            }
        }
    }
}

If S3Bucket has only one value, then:

"Fn::Select": ["1",
    {
        "Ref": "S3Bucket"
    }
]

is obviously invalid. Sadly, it does not matter that you have the CreateSomeResource condition around it. The select has to be valid regardless of whether the condition is true or false.

The simplest solution is probably to pass the buckets as two separate parameters, S3Bucket1 and S3Bucket2, and give each of them its own condition.
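A template implementing the answer's suggestion, added here as an example and not taken from the question or the answer: each bucket is its own optional String parameter with its own condition, so no Fn::Select over a list that may be too short is needed. The parameter, condition and Sid names (S3Bucket1, S3Bucket2, HasBucket1, HasBucket2, HasAnyBucket, ReadBucketMetadata, ReadObjects) are assumptions. It also handles two things the original template does not: s3:GetObject is an object-level action, so it has to be granted on arn:aws:s3:::bucket/* rather than on the bucket ARN alone; and when no bucket is supplied, both Fn::If branches collapse to AWS::NoValue and leave an empty Resource list, which IAM rejects as a malformed policy, so each bucket-scoped statement is itself wrapped in Fn::If on HasAnyBucket and dropped entirely in that case.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Example only (not the original poster's template): IAM user with read-only access to up to two optional buckets, each passed as its own parameter.",
  "Parameters": {
    "UserName": { "Type": "String", "Description": "Enter User Name" },
    "S3Bucket1": { "Type": "String", "Default": "", "Description": "First bucket name (optional)" },
    "S3Bucket2": { "Type": "String", "Default": "", "Description": "Second bucket name (optional)" }
  },
  "Conditions": {
    "HasBucket1": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "S3Bucket1" }, "" ] } ] },
    "HasBucket2": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "S3Bucket2" }, "" ] } ] },
    "HasAnyBucket": { "Fn::Or": [ { "Condition": "HasBucket1" }, { "Condition": "HasBucket2" } ] }
  },
  "Resources": {
    "SomeUserName": {
      "Type": "AWS::IAM::User",
      "Properties": { "UserName": { "Ref": "UserName" } }
    },
    "SomeUserPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "ReadOnly",
        "Users": [ { "Ref": "SomeUserName" } ],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "ListAllBuckets",
              "Effect": "Allow",
              "Action": [ "s3:ListAllMyBuckets" ],
              "Resource": "*"
            },
            {
              "Fn::If": [
                "HasAnyBucket",
                {
                  "Sid": "ReadBucketMetadata",
                  "Effect": "Allow",
                  "Action": [
                    "s3:GetBucketPolicyStatus",
                    "s3:GetBucketTagging",
                    "s3:GetBucketLocation",
                    "s3:GetBucketPolicy"
                  ],
                  "Resource": [
                    { "Fn::If": [ "HasBucket1", { "Fn::Sub": "arn:aws:s3:::${S3Bucket1}" }, { "Ref": "AWS::NoValue" } ] },
                    { "Fn::If": [ "HasBucket2", { "Fn::Sub": "arn:aws:s3:::${S3Bucket2}" }, { "Ref": "AWS::NoValue" } ] }
                  ]
                },
                { "Ref": "AWS::NoValue" }
              ]
            },
            {
              "Fn::If": [
                "HasAnyBucket",
                {
                  "Sid": "ReadObjects",
                  "Effect": "Allow",
                  "Action": [ "s3:GetObject" ],
                  "Resource": [
                    { "Fn::If": [ "HasBucket1", { "Fn::Sub": "arn:aws:s3:::${S3Bucket1}/*" }, { "Ref": "AWS::NoValue" } ] },
                    { "Fn::If": [ "HasBucket2", { "Fn::Sub": "arn:aws:s3:::${S3Bucket2}/*" }, { "Ref": "AWS::NoValue" } ] }
                  ]
                },
                { "Ref": "AWS::NoValue" }
              ]
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "UserName": { "Description": "Name of the Created User", "Value": { "Ref": "UserName" } }
  }
}
```

Deploy it with `aws cloudformation deploy --template-file template.json --stack-name readonly-user --capabilities CAPABILITY_NAMED_IAM --parameter-overrides UserName=alice S3Bucket1=my-bucket`; CAPABILITY_NAMED_IAM is required because the user resource carries an explicit UserName. Passing only S3Bucket1 yields statements with one ARN each, passing both yields two, and passing neither leaves only the ListAllBuckets statement, which is the behaviour the question was after without ever indexing into a list.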


Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you repost them, please credit this site or the original source. For any questions contact: yoyou2525@163.com.

粵ICP備18138465號  © 2020-2024 STACKOOM.COM