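How to resolve the combination of CommaDelimitedList, Fn::If and Fn::Select in AWS CloudFormation
I am trying to create a cfn stack. The template takes one or two values as input in the Parameters section. If I pass two values and read them from the parameter in the Resources section, it works fine. But if I pass one, it breaks.
Use case: I want to pass two values from the parameter and read them in an IAM policy. If the user passes one value, it should use {"Ref": "AWS::NoValue"}. But I keep getting
Template error: Fn::Select cannot select nonexistent value at index 1
Here is the template: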
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Template creates a IAMUser and attach a ListALLBuckets/ReadOnly Access Policy to it.",
  "Parameters": {
    "UserName": {
      "Type": "String",
      "Description": "Enter User Name"
    },
    "S3Bucket": {
      "Type": "CommaDelimitedList",
      "Description": "Select Bucket Name to Associate with the policy",
      "Default": ""
    }
  },
  "Conditions": {
    "CreateSomeResource": {
      "Fn::Not": [{
        "Fn::Equals": [
          {"Fn::Join": ["", {"Ref": "S3Bucket"}]},
          ""
        ]
      }]
    }
  },
  "Resources": {
    "SomeUserName": {
      "Type": "AWS::IAM::User",
      "Properties": {
        "UserName": {"Ref": "UserName"}
      }
    },
    "SomeUserPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "Groups": [],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "ListAllBuckets",
              "Effect": "Allow",
              "Action": ["s3:ListAllMyBuckets"],
              "Resource": "*"
            },
            {
              "Sid": "ReadOnlyAccess",
              "Action": [
                "s3:GetBucketPolicyStatus",
                "s3:GetBucketTagging",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy",
                "s3:GetObject"
              ],
              "Resource": [
                {
                  "Fn::If": [
                    "CreateSomeResource",
                    {"Fn::Join": ["", ["arn:aws:s3:::", {"Fn::Select": ["0", {"Ref": "S3Bucket"}]}]]},
                    {"Ref": "AWS::NoValue"}
                  ]
                },
                {
                  "Fn::If": [
                    "CreateSomeResource",
                    {"Fn::Select": ["1", {"Ref": "AWS::NoValue"}]}
                  ]
                }
              ]
            }
          ]
        },
        "PolicyName": "ReadOnly",
        "Users": [{"Ref": "SomeUserName"}]
      }
    }
  },
  "Outputs": {
    "UserName": {
      "Description": "Name of the Created User",
      "Value": {"Ref": "UserName"}
    }
  }
}
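Solution
If S3Bucket has only one value, then this:
"Fn::Select": ["1", {"Ref": "S3Bucket"}]
is obviously invalid. Sadly, the fact that you have the CreateSomeResource condition there does not matter. The select has to be valid regardless of whether the condition is true or false.
The simplest solution is probably to pass the buckets as two separate parameters, S3Bucket1 and S3Bucket2, each with its own condition.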
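
The two-parameter approach suggested in the answer, written out as an added example (not code from the original question or answer). The condition names HasBucket1, HasBucket2 and HasAnyBucket are assumptions, and the extra HasAnyBucket condition drops the whole ReadOnlyAccess statement when no bucket is given, so the policy never ends up with an empty Resource list.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example, not from the original page: one parameter and one condition per bucket.",
  "Parameters": {
    "UserName": { "Type": "String", "Description": "Enter User Name" },
    "S3Bucket1": { "Type": "String", "Default": "" },
    "S3Bucket2": { "Type": "String", "Default": "" }
  },
  "Conditions": {
    "HasBucket1": { "Fn::Not": [{ "Fn::Equals": [{ "Ref": "S3Bucket1" }, ""] }] },
    "HasBucket2": { "Fn::Not": [{ "Fn::Equals": [{ "Ref": "S3Bucket2" }, ""] }] },
    "HasAnyBucket": { "Fn::Or": [{ "Condition": "HasBucket1" }, { "Condition": "HasBucket2" }] }
  },
  "Resources": {
    "SomeUserName": {
      "Type": "AWS::IAM::User",
      "Properties": { "UserName": { "Ref": "UserName" } }
    },
    "SomeUserPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyName": "ReadOnly",
        "Users": [{ "Ref": "SomeUserName" }],
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            { "Sid": "ListAllBuckets", "Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": "*" },
            { "Fn::If": ["HasAnyBucket", {
              "Sid": "ReadOnlyAccess",
              "Effect": "Allow",
              "Action": [
                "s3:GetBucketPolicyStatus", "s3:GetBucketTagging", "s3:GetBucketLocation",
                "s3:GetBucketPolicy", "s3:GetObject"
              ],
              "Resource": [
                { "Fn::If": ["HasBucket1", { "Fn::Sub": "arn:aws:s3:::${S3Bucket1}" }, { "Ref": "AWS::NoValue" }] },
                { "Fn::If": ["HasBucket1", { "Fn::Sub": "arn:aws:s3:::${S3Bucket1}/*" }, { "Ref": "AWS::NoValue" }] },
                { "Fn::If": ["HasBucket2", { "Fn::Sub": "arn:aws:s3:::${S3Bucket2}" }, { "Ref": "AWS::NoValue" }] },
                { "Fn::If": ["HasBucket2", { "Fn::Sub": "arn:aws:s3:::${S3Bucket2}/*" }, { "Ref": "AWS::NoValue" }] }
              ]
            }, { "Ref": "AWS::NoValue" }] }
          ]
        }
      }
    }
  }
}
```

The `/*` entries are included because s3:GetObject is evaluated against object ARNs rather than the bucket ARN; the bucket-level actions still match the plain bucket ARN.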