gpt4 book ai didi

amazon-ses - ses 角色的 AWS CloudFormation 环境条件

转载 作者:行者123 更新时间:2023-12-03 07:19:41 28 4
gpt4 key购买 nike

我正在尝试制作一个可重用的 CloudFormation 模板,并且想要执行某种条件,如果环境参数为“test”(或“prod”以外的任何其他环境),则将 SES 电子邮件仅发送到 gmail帐户(即公司帐户),但对于“prod”,请在任何地方发送 SES 电子邮件。我是否必须扮演两个不同的角色并且每个角色都有条件?或者有没有办法在下面的一个角色中做到这一点?感谢您的帮助!

Parameters: 

Environment:
Description: Environment, which can be "test", "stage", "prod", etc.
Type: String

Resources:

Role:
Type: AWS::IAM::Role
Properties:
RoleName: myRole
Path: /
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "ecs.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
-
PolicyName: "ses-policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "ses:SendEmail"
- "ses:SendRawEmail"
Resource: "*"
Condition:
"ForAllValues:StringLike":
"ses:Recipients":
- "*@gmail.com"

最佳答案

Conditions非常适合将这种条件逻辑添加到 CloudFormation 资源属性中。在您的示例中,您可以使用 Fn::If内部函数包括现有的 Policy Condition (不要与 CloudFormation 条件混淆!)如果环境不是 prod,并且 AWS::NoValue否则(当环境为prod时完全删除策略条件):

Parameters:
Environment:
Description: Environment, which can be "test", "stage", "prod", etc.
Type: String
AllowedValues: [test, stage, prod]
Conditions:
IsProdEnvironment: !Equals [ !Ref Environment, prod ]
Resources:
Role:
Type: AWS::IAM::Role
Properties:
RoleName: myRole
Path: /
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
Service:
- "ecs.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
-
PolicyName: "ses-policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "ses:SendEmail"
- "ses:SendRawEmail"
Resource: "*"
Condition: !If
- IsProdEnvironment
- !Ref AWS::NoValue
- "ForAllValues:StringLike":
"ses:Recipients":
- "*@gmail.com"

关于amazon-ses - ses 角色的 AWS CloudFormation 环境条件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41753418/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com