amazon-web-services - 在 Cloudformation 中使用 SNS 进行代码构建通知

Question

我创建了以下 cloudformation 模板来创建 SNS 主题、订阅和 Cloudwatch 规则，以便在代码构建失败时发送通知。当我尝试创建时，在创建 Cloudwatch 规则期间失败，并出现以下问题:

Invalid InputTemplate for target CodeBuildNotifications : [Source: (String)"Build null for build project null has reached the build status of null. Logs are here: null"; line: 1, column: 6]. (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: ValidationException; Request ID: 1f2834f6-f809-4f47-9e8f-585c2be81ffb; Proxy: null)

下面是用于此目的的模板 yaml。

---
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates SNS topic, SNS subscription and Cloudwatch rule for Codebuild Notification
Parameters:
  SubscriptionEndPoint:
    Type: String
    Description: The endpoint that receives notifications.
  SubscriptionProtocol:
    Type: String
    Description: The subscription protocol
    AllowedValues:
    - http
    - https
    - email
    - email-json
    - sms
    - sqs
    - application
    - lambda
    Default: email
Mappings: {}
Conditions: {}
Resources:
  SNSTopic:
    Type: AWS::SNS::Topic
    Properties: {}
  SNSSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol:
        Ref: SubscriptionProtocol
      Endpoint:
        Ref: SubscriptionEndPoint
      TopicArn:
        Ref: SNSTopic
  CodebuildStateFailureEventRule:
    Type: "AWS::Events::Rule"
    Properties:
      Description: "Rule for sending failure notifications to SNS topic"
      EventPattern:
        source:
          - aws.codebuild
        detail-type:
          - CodeBuild Build State Change
        detail:
          project-name:
            - TestCodeBuildProject
          build-status:
            - FAILED
      State: "ENABLED"
      Targets:
        - Arn:
            Ref: CodebuildNotifications
          Id: CodeBuildNotificationTest
          InputTransformer:            
            InputPathsMap:
              build-id: "$.detail.build-id"
              project-name: "$.detail.project-name"
              build-status: "$.detail.build-status"
              deep-link: "$.detail.additional-information.logs.deep-link" 
            InputTemplate:
              "Build '<build-id>' for build project '<project-name>' has reached the build status of '<build-status>'."
Outputs:
  QueueName:
    Description: Name of the SNS Topic we created
    Value:
      Fn::GetAtt:
      - SNSTopic
      - TopicName
  TopicARN:
    Description: ARN of the SNS Topic we created 
    Value:
      Ref: SNSTopic

我是cloudformation新手，我配置的InputTransformer存在一些问题。有人可以帮忙吗？

提前致谢

Answer 1

对于 sns 目标，您应该使用 Arn: !Ref SNSTopic。您还忘记了 InputTemplate 中的 |:

AWSTemplateFormatVersion: '2010-09-09'
Description: Creates SNS topic, SNS subscription and Cloudwatch rule for Codebuild Notification
Parameters:
  SubscriptionEndPoint:
    Type: String
    Description: The endpoint that receives notifications.
  SubscriptionProtocol:
    Type: String
    Description: The subscription protocol
    AllowedValues:
    - http
    - https
    - email
    - email-json
    - sms
    - sqs
    - application
    - lambda
    Default: email
Mappings: {}
Conditions: {}
Resources:
  SNSTopic:
    Type: AWS::SNS::Topic
    Properties: {}
  SNSSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol:
        Ref: SubscriptionProtocol
      Endpoint:
        Ref: SubscriptionEndPoint
      TopicArn:
        Ref: SNSTopic

  SnsPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties: 
      Topics: [!Ref SNSTopic]         
      PolicyDocument: !Sub |
          {
            "Version": "2012-10-17",
            "Id": "__default_policy_ID",
            "Statement": [
              {
                "Sid": "__default_statement_ID",
                "Effect": "Allow",
                "Principal": {
                  "AWS": "*"
                },
                "Action": [
                  "SNS:GetTopicAttributes",
                  "SNS:SetTopicAttributes",
                  "SNS:AddPermission",
                  "SNS:RemovePermission",
                  "SNS:DeleteTopic",
                  "SNS:Subscribe",
                  "SNS:ListSubscriptionsByTopic",
                  "SNS:Publish",
                  "SNS:Receive"
                ],
                "Resource": "${SNSTopic}",
                "Condition": {
                  "StringEquals": {
                    "AWS:SourceOwner": "${AWS::AccountId}"
                  }
                }
              },
              {
                "Sid": "Allow EVENts",
                "Effect": "Allow",
                "Principal": {
                  "Service": "events.amazonaws.com"
                },
                "Action": "sns:Publish",
                "Resource": "${SNSTopic}"
              }
            ]
          }


  CodebuildStateFailureEventRule:
    Type: "AWS::Events::Rule"
    Properties:
      Description: "Rule for sending failure notifications to SNS topic"
      EventPattern:
        source:
          - aws.codebuild
        detail-type:
          - CodeBuild Build State Change
        detail:
          project-name:
            - TestCodeBuildProject
          build-status:
            - FAILED
      State: "ENABLED"
      Targets:
       - Arn: !Ref SNSTopic
         Id: CodeBuildNotificationTest
         InputTransformer:
            InputPathsMap:
              build-id: "$.detail.build-id"
              project-name: "$.detail.project-name"
              build-status: "$.detail.build-status"
              deep-link: "$.detail.additional-information.logs.deep-link"
            InputTemplate: |
              "Build '<build-id>' for build project '<project-name>' has reached the build status of '<build-status>'."
Outputs:
  QueueName:
    Description: Name of the SNS Topic we created
    Value:
      Fn::GetAtt:
      - SNSTopic
      - TopicName
  TopicARN:
    Description: ARN of the SNS Topic we created
    Value:
      Ref: SNSTopic

您可能仍需要在 SNS 和事件之间设置权限，但模板应该立即部署。