
amazon-web-services - AWS CloudFormation: combining CommaDelimitedList, Fn::If and Fn::Select

Reposted. Author: 行者123. Updated: 2023-12-03 07:42:01

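I am trying to create a cfn stack. The template takes one or two values as input in the Parameters section. If I pass two values from the parameters and read the same values in the Resources section, it works fine. But if I pass one, it breaks.

Use case: I want to pass two values from the parameters and read them in the IAM policy. If the user passes one value, {"Ref": "AWS::NoValue"} should be used. But I keep struggling with:

Template error: Fn::Select cannot select nonexistent value at index 1

Here is the template: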

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Template creates a IAMUser and attach a ListALLBuckets/ReadOnly Access Policy to it.",
  "Parameters": {
    "UserName": {
      "Type": "String",
      "Description": "Enter User Name"
    },
    "S3Bucket": {
      "Type": "CommaDelimitedList",
      "Description": "Select Bucket Name to Associate with the policy",
      "Default": ""
    }
  },
  "Conditions": {
    "CreateSomeResource": {
      "Fn::Not": [{
        "Fn::Equals": [{
            "Fn::Join": [
              "",
              {
                "Ref": "S3Bucket"
              }
            ]
          },
          ""
        ]
      }]
    }
  },
  "Resources": {
    "SomeUserName": {
      "Type": "AWS::IAM::User",
      "Properties": {
        "UserName": { "Ref": "UserName"}
      }
    },
    "SomeUserPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "Groups": [],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
              "Sid": "ListAllBuckets",
              "Effect": "Allow",
              "Action": [
                "s3:ListAllMyBuckets"
              ],
              "Resource": "*"
            }, {
              "Sid": "ReadOnlyAccess",
              "Effect": "Allow",
              "Action": [
                "s3:GetBucketPolicyStatus",
                "s3:GetBucketTagging",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy",
                "s3:GetObject"
              ],
              "Resource": [
                {
                  "Fn::If": [
                    "CreateSomeResource",
                    {
                      "Fn::Join": ["", ["arn:aws:s3:::",
                        {
                          "Fn::Select": ["0",
                            {
                              "Ref": "S3Bucket"
                            }
                          ]
                        }
                      ]]
                    },
                    {"Ref" : "AWS::NoValue"}
                  ]
                },
                {
                  "Fn::If": [
                    "CreateSomeResource",
                    {
                      "Fn::Join": ["", ["arn:aws:s3:::",
                        {
                          "Fn::Select": ["1",
                            {
                              "Ref": "S3Bucket"
                            }
                          ]
                        }
                      ]]
                    },
                    {"Ref" : "AWS::NoValue"}
                  ]
                }
              ]
            }
          ]
        },
        "PolicyName": "ReadOnly",
        "Users": [{
          "Ref": "SomeUserName"
        }]
      }
    }
  },
  "Outputs": {
    "UserName": {
      "Description": "Name of the Created User",
      "Value": {
        "Ref": "UserName"
      }
    }
  }
}

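Best answer

If S3Bucket has only one value, then:

  "Fn::Select": ["1",
    {
      "Ref": "S3Bucket"
    }
  ]

is obviously invalid. Sadly, the CreateSomeResource condition does not matter there. The select must be valid regardless of whether the condition is true or false.

The simplest solution may be to pass the buckets as two separate parameters, i.e. S3Bucket1 and S3Bucket2, each with its own condition.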

Regarding amazon-web-services - AWS CloudFormation: combining CommaDelimitedList, Fn::If and Fn::Select, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/64431231/
