如何解决在 AWS CloudFormation 中使用动态引用
我正在尝试使用 CloudFormation 创建 IAM 角色。以下代码段显示了信任策略:
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": {
"Federated": "arn:aws:iam::1234567890123:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/89ABCDWEFGHRRUUUR4DDF70C"
},"Action": "sts:AssumeRoleWithWebIdentity","Condition": {
"StringEquals": {
"oidc.eks.us-east-1.amazonaws.com/id/89ABCDWEFGHRRUUUR4DDF70C:sub": "system:serviceaccount:kube-system:aws-load-balancer-controller"
}
}
}
]
}
我想让它动态化,因为它应该从映射或参数中选择 OIDC 提供程序的值。
这是我目前所做的:
"AssumeRolePolicyDocument": {
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": {
"Federated": {
"Fn::Join": [
"",[
{
"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:oidc-provider/"
},{
"Fn::FindInMap": [
"Environments",{
"Ref": "EnvironUsed"
},"OIDCProvider"
]
}
]
]
}
},"Condition": {
"StringEquals": {
"oidc.eks.us-east-1.amazonaws.com/id/89738A59036B9EB2704B9ABC44DDF70C:sub" : "system:serviceaccount:kube-system:aws-load-balancer-controller"
}
}
}
]
}
我无法使最后一部分(提到 OIDC 提供商的条件部分)动态化。当我尝试在花括号中包含 Fn::Join 代替 "oidc.eks.us-east-1.amazonaws.com/id/89ABCDWEFGHRRUUUR4DDF70C:sub"
时,JSON 无效>版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。