如何解决我们如何在 AWS Cloudformation 中编写 If (Condtion) do (X and Y) else (do A and B)
Conditions:
IsBeta: !Equals [!Ref Stage,"beta"]
映射:
Mappings:
ABCMap:
beta:
Role1: "arn:aws::iam::...",Role1-Test: "arn:aws::iam::...",Role2: ""arn:aws::iam::...",Role2-Test: "arn:aws::iam::..."
prod:
Role1: "arn:aws::iam::...",Role2: "arn:aws::iam::..."
以及资源政策的一部分:
ResourcePolicy:
CustomStatements:
- Action: ['execute-api:Invoke']
Effect: Allow
Principal:
AWS:
- !FindInMap [ IAMRoleMap,!Ref Stage,Role1 ]
- !FindInMap [ IAMRoleMap,Role2 ]
- Fn::If:
- IsBeta
- - !FindInMap [ ABCMap,Role1-Test ]
- {Ref: 'AWS::Novalue'}
- Fn::If:
- IsBeta
- - !FindInMap [ ABCMap,Role2-Test ]
- {Ref: 'AWS::Novalue'}
Resource: "arn::aws..."
如何将它们组合成一个“if”?或者有没有更好的方式来表达,如果阶段是beta,我只需要在资源策略中有Role1-Test和Role2-Test?
解决方法
您应该将所有原则放在一个大 Fn::If 中:
ResourcePolicy:
CustomStatements:
- Action: ['execute-api:Invoke']
Effect: Allow
Principal:
AWS:
Fn::If:
- IsBeta
- - !FindInMap [ IAMRoleMap,!Ref Stage,Role1 ]
- !FindInMap [ IAMRoleMap,Role2 ]
- !FindInMap [ ABCMap,Role1-Test ]
- !FindInMap [ ABCMap,Role2-Test ]
- - !FindInMap [ IAMRoleMap,Role2 ]
Resource: "arn::aws..."
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
