amazon-web-services - YAML formatting error in CloudFormation. How do I fix this error?

Reposted. Author: 行者123. Updated: 2023-12-03 07:35:09

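I'm writing a YAML-based template for CloudFormation, but I need to fix this error, which prevents the template from working on AWS. It works when I put it into a YAML validator, but AWS currently does not accept this: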

Properties:
Code:
Zipfile:|
import json
import boto3

s3 = boto3.client('s3')

def lambda_handler(event, context):
# Get bucket name from the S3 event
print(event)

bucket_name = event['detail']['requestParameters']['bucketName']

# Create a bucket policy
bucket_policy =json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Sid": "MustBeEncryptedAtRest",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::{}".format(bucket_name),
"arn:aws:s3:::{}/*".format(bucket_name)
],
"Condition": {
"StringNotEquals": {
"s3:x-amz-server-side-encryption": [
-----
"aws:kms"
]
}
}
},
{
"Sid": "MustBeEncryptedInTransit",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::{}".format(bucket_name),
"arn:aws:s3:::{}/*".format(bucket_name)
],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
} ] })


# Set the new policy
s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy),

Handler: lambda_handler,
Role: -----
Runtime: python3.7

Type: AWS::Events::Rule
Properties:
EventPattern: {
"source": [
"aws.s3"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"CreateBucket"
]
}
}


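What should I do to solve this? I tried putting it into a YAML validator, but the error message points to line 1, column 1. I have followed the AWS documentation exactly, but something seems to be wrong. Does everything need to be a string, as in JSON format?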

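Best answer

It looks like you have 2 resources in this template but have not named the individual resources. I have formatted it for you below.

There are a few problems with the YAML. The first is the alignment of the structure: where JSON uses {} and [] to define nesting levels, YAML uses indentation combined with : to provide structure.

For the Lambda, if you indent the ZipFile parameter, it will be accepted in the format. Also, the EventPattern in the CloudWatch Event cannot use JSON; it must be converted to YAML for this template's format.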

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  LambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      Code:
        ZipFile: |
          import json
          import boto3

          s3 = boto3.client('s3')

          def lambda_handler(event, context):
              # Get bucket name from the S3 event
              print(event)

              bucket_name = event['detail']['requestParameters']['bucketName']

              # Create a bucket policy
              bucket_policy = json.dumps({
                  "Version": "2012-10-17",
                  "Statement": [
                      {
                          "Sid": "MustBeEncryptedAtRest",
                          "Effect": "Deny",
                          "Principal": "*",
                          "Action": "s3:PutObject",
                          "Resource": [
                              "arn:aws:s3:::{}".format(bucket_name),
                              "arn:aws:s3:::{}/*".format(bucket_name)
                          ],
                          "Condition": {
                              "StringNotEquals": {
                                  "s3:x-amz-server-side-encryption": [
                                      -----
                                      "aws:kms"
                                  ]
                              }
                          }
                      },
                      {
                          "Sid": "MustBeEncryptedInTransit",
                          "Effect": "Deny",
                          "Principal": "*",
                          "Action": "s3:*",
                          "Resource": [
                              "arn:aws:s3:::{}".format(bucket_name),
                              "arn:aws:s3:::{}/*".format(bucket_name)
                          ],
                          "Condition": {
                              "Bool": {
                                  "aws:SecureTransport": "false"
                              }
                          }
                      }
                  ]
              })

              # Set the new policy
              s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)
      # Inline ZipFile code is placed in a file named index, so the handler is index.<function>
      Handler: index.lambda_handler
      Role: '-----'
      Runtime: python3.7
  EventRule:
    Type: 'AWS::Events::Rule'
    Properties:
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - CreateBucket

Regarding "amazon-web-services - YAML formatting error in CloudFormation. How do I fix this error?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/62901125/
