amazon-web-services - Cloudformation unable to use output parameters with nested stacks

Reposted. Author: 行者123. Updated: 2023-12-03 07:35:43

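I am trying to use Cloudformation nested stacks. My idea is to use Cloudformation to create a VPC, an S3 bucket, a Codebuild project, and a Codepipeline pipeline.

My problem: Cloudformation says that the following parameters (which are output by the child stacks) need values:

  • Vpc
  • PrivateSubnet1
  • PrivateSubnet2
  • PrivateSubnet3
  • BucketName

These parameters should have values, because the values are there when I look at the completed child stacks in the console.

I will only show the templates for the parent, s3, and codepipeline. With these three templates, the problem is that I cannot use the output BucketName from S3Stack in my CodePipelineStack.

My code: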

cfn-main.yaml

AWSTemplateFormatVersion: 2010-09-09

Description: root template for codepipeline poc

Parameters:

  BucketName:
    Type: String

  VpcName:
    Description: name of the vpc
    Type: String
    Default: sandbox

  DockerUsername:
    Type: String
    Description: username for hub.docker
    Default: seanturner026

  DockerPassword:
    Type: String
    Description: password for hub.docker
    Default: /codebuild/docker/password

  Environment:
    Type: String
    Description: environment
    AllowedValues:
      - dev
      - prod
    Default: dev

  Vpc:
    Type: AWS::EC2::VPC::Id

  PrivateSubnet1:
    Type: AWS::EC2::Subnet::Id

  PrivateSubnet2:
    Type: AWS::EC2::Subnet::Id

  PrivateSubnet3:
    Type: AWS::EC2::Subnet::Id

  GithubRepository:
    Type: String
    Description: github repository
    Default: aws-codepipeline-poc

  GithubBranch:
    Type: String
    Description: github branch
    Default: master

  GithubOwner:
    Type: String
    Description: github owner
    Default: SeanTurner026

  GithubToken:
    Type: String
    Description: github token for codepipeline
    NoEcho: true

Resources:
  VpcStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        VpcName: !Ref VpcName
      TemplateURL: resources/vpc.yaml

  S3Stack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: resources/s3.yaml

  CodeBuildStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Environment: !Ref Environment
        DockerUsername: !Ref DockerUsername
        DockerPassword: !Ref DockerPassword
        Vpc: !GetAtt VpcStack.Outputs.VpcId
        PrivateSubnet1: !GetAtt VpcStack.Outputs.PrivateSubnetId1
        PrivateSubnet2: !GetAtt VpcStack.Outputs.PrivateSubnetId2
        PrivateSubnet3: !GetAtt VpcStack.Outputs.PrivateSubnetId3
      TemplateURL: resources/codebuild.yaml

  CodePipelineStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      Parameters:
        Environment: !Ref Environment
        GithubRepository: !Ref GithubRepository
        GithubBranch: !Ref GithubBranch
        GithubOwner: !Ref GithubOwner
        GithubToken: !Ref GithubToken
        S3: !GetAtt S3Stack.Outputs.BucketName
      TemplateURL: resources/codepipeline.yaml

s3.yaml

AWSTemplateFormatVersion: 2010-09-09

Description: s3 bucket for aws codepipeline poc

Resources:
  S3:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: "aws-sean-codepipeline-poc"

Outputs:
  BucketName:
    Description: S3 bucket name
    Value: !Ref S3

codepipeline.yaml - see ArtifactStore. This is where cloudformation treats my parameter BucketName as having no value.

AWSTemplateFormatVersion: 2010-09-09

Description: codepipeline for aws codepipeline poc

Parameters:

  BucketName:
    Type: String

  Environment:
    Type: String
    Description: environment
    AllowedValues:
      - dev
      - prod
    Default: dev

  GithubRepository:
    Type: String
    Description: github repository
    Default: aws-codepipeline-poc

  GithubBranch:
    Type: String
    Description: github branch
    Default: master

  GithubOwner:
    Type: String
    Description: github owner
    Default: SeanTurner026

  GithubToken:
    Type: String
    Description: github token for codepipeline
    NoEcho: true

Resources:
  CodePipelineRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: !Join
        - ""
        - - !Ref AWS::StackName
          - "-code-pipeline-role-"
          - !Ref Environment
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: "Allow"
          Principal:
            Service: "codepipeline.amazonaws.com"
          Action: "sts:AssumeRole"

  CodePipelinePolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: !Join
        - ""
        - - !Ref AWS::StackName
          - "-code-pipeline-policy-"
          - !Ref Environment
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:PutLogEvents
            - s3:putObject
            - s3:getObject
            - codebuild:*
          Resource:
            - "*"
      Roles:
        - !Ref CodePipelineRole

  Pipeline:
    Type: "AWS::CodePipeline::Pipeline"
    Properties:
      Name: !Join
        - ""
        - - "code-pipeline-poc-"
          - !Ref AWS::StackName
      ArtifactStore:
        Location: !Ref BucketName
        Type: S3
      RestartExecutionOnUpdate: true
      RoleArn: !Join
        - ""
        - - "arn:aws:iam::"
          - !Ref AWS::AccountId
          - ":role/"
          - !Ref CodePipelineRole
      Stages:
        - Name: checkout-source-code
          Actions:
            - Name: SourceAction
              RunOrder: 1
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Provider: GitHub
                Version: 1
              Configuration:
                Owner: !Ref GithubOwner
                Repo: !Ref GithubRepository
                Branch: !Ref GithubBranch
                PollForSourceChanges: true
                OAuthToken: !Ref GithubToken
              OutputArtifacts:
                - Name: source-code

        - Name: docker-build-push
          Actions:
            - Name: build-push-job
              RunOrder: 1
              InputArtifacts:
                - Name: source-code
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: 1
              Configuration:
                ProjectName: !Ref BuildPushJob
              OutputArtifacts:
                - Name: build-push-job

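Sorry if this is too verbose. In case it got lost above, the problem is that ArtifactStore in codepipeline.yaml treats my parameter BucketName as having no value, even though the value is output by S3Stack.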

Best answer

You are passing the parameter as S3, but the template expects it as BucketName.
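
The mismatch described in the answer can be caught before deployment by comparing the parameter names each nested stack is passed with the names its template declares. This is an added example, not code from the original post: the dict layout, function names and finding labels are assumptions, and the data is constructed from the templates on this page.

```python
# Constructed from this page's templates, reduced to plain dicts (a real run would
# parse the YAML files first). "<value>" stands in for the !Ref / !GetAtt expressions.
PARENT = {"Resources": {
    "S3Stack": {"Type": "AWS::CloudFormation::Stack",
                "Properties": {"TemplateURL": "resources/s3.yaml"}},
    "CodePipelineStack": {"Type": "AWS::CloudFormation::Stack", "Properties": {
        "TemplateURL": "resources/codepipeline.yaml",
        "Parameters": dict.fromkeys(
            ["Environment", "GithubRepository", "GithubBranch",
             "GithubOwner", "GithubToken", "S3"], "<value>")}},
}}
CHILDREN = {
    "resources/s3.yaml": {},  # declares no Parameters
    "resources/codepipeline.yaml": {"Parameters": {
        "BucketName": {"Type": "String"},
        "Environment": {"Type": "String", "Default": "dev"},
        "GithubRepository": {"Type": "String", "Default": "aws-codepipeline-poc"},
        "GithubBranch": {"Type": "String", "Default": "master"},
        "GithubOwner": {"Type": "String", "Default": "SeanTurner026"},
        "GithubToken": {"Type": "String", "NoEcho": True},
    }},
}

def required_params(template):
    """Parameters without a Default: the caller must supply a value for each."""
    return {name for name, spec in template.get("Parameters", {}).items()
            if "Default" not in spec}

def check_nested_stacks(parent, children):
    """Return (stack, problem, parameter) for every name mismatch between what an
    AWS::CloudFormation::Stack resource passes and what its child template declares."""
    findings = []
    for logical_id, res in parent.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFormation::Stack":
            continue
        props = res.get("Properties", {})
        child = children.get(props.get("TemplateURL"))
        if child is None:
            findings.append((logical_id, "template-not-loaded", props.get("TemplateURL")))
            continue
        passed = set(props.get("Parameters", {}))
        declared = set(child.get("Parameters", {}))
        findings += [(logical_id, "not-declared-in-child", n) for n in sorted(passed - declared)]
        findings += [(logical_id, "required-but-not-passed", n)
                     for n in sorted(required_params(child) - passed)]
    return findings

if __name__ == "__main__":
    for finding in check_nested_stacks(PARENT, CHILDREN):
        print(*finding)
```

Renaming the `S3` key under `CodePipelineStack` to `BucketName` makes both findings disappear.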

Regarding amazon-web-services - Cloudformation unable to use output parameters with nested stacks, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59569277/
