【Title】: Create a resource based on condition block, which takes output from custom resource in cloudformation?
【Posted】: 2019-05-13 07:15:22
【Question】:

I conditionally create an S3 bucket based on a condition (i.e. True/False) that takes its output from my custom resource. My stack template looks like this:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "BucketName": {
      "Type": "String",
      "Description": "Name of the Bucket."
    }
  },
  "Conditions" : {
    "BucketExistsOutput" : {"Fn::Equals" : [{ "Fn::GetAtt" : [ "BucketExists", "Output" ]}, "False"]}
  },
  "Resources": {
    "S3BucketARN": {
      "Type": "AWS::S3::Bucket",
      "Condition": "BucketExistsOutput",
      "Properties": {
        "BucketName": { "Ref": "BucketName" }
      }
    },
    "DeploymentLambdaRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "lambda.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "PermissionsToLogsAndS3",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "logs:DescribeLogStreams"
                  ],
                  "Resource": [
                    "arn:aws:logs:*:*:*"
                  ]
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:*"
                  ],
                  "Resource": [
                    "*"
                  ]
                }
              ]
            }
          }
        ]
      }
    },
    "DeploymentLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Role": {
          "Fn::GetAtt": [
            "DeploymentLambdaRole",
            "Arn"
          ]
        },
        "Handler": "bucketexists.handler",
        "Runtime": "nodejs4.3",
        "Code": {
          "S3Bucket": "xxxx-xx",
          "S3Key": "bucketcondition.zip"
        }
      }
    },
    "BucketExists": {
      "Type": "Custom::BucketExists",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "DeploymentLambda",
            "Arn"
          ]
        },
        "Bucket": {
          "Ref": "BucketName"
        }
      }
    }
  },
  "Outputs": {
    "BucketExistsValue": {
      "Description": "The Value of custom bucket lambda",
      "Value": { "Fn::GetAtt": [ "BucketExists", "Output" ] }
    }
  }
}

This throws an error like this:

Template is invalid: Template format error: Unresolved dependencies [BucketExists]. Cannot reference resources in the Conditions block of the template

This says I cannot point to a resource in my Conditions block.

How do I solve this situation? Is there any workaround?

Thanks, any help is appreciated.

【Comments】:

    Tags: amazon-web-services amazon-cloudformation
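The rule behind the error above, shown as an added example that is not part of the original question and not an AWS tool: CloudFormation evaluates the Conditions block before any resource exists, so a condition may only reference parameters, pseudo parameters, mappings and other conditions, never a logical resource ID. The small Node.js check below walks a template's Conditions block and reports every Ref or Fn::GetAtt whose target is a key of the Resources block; it is the kind of pre-deploy lint that catches this before `aws cloudformation validate-template` does. The two template objects are constructed, reduced versions of the question's template and of the second stack from Answer 2 (a Parameter is compared instead of a resource attribute); the function name is the example's own.

```javascript
// Added example: find Ref / Fn::GetAtt targets inside Conditions that name a
// Resource. CloudFormation rejects such templates with
// "Unresolved dependencies [...]. Cannot reference resources in the Conditions block".
function findResourceRefsInConditions(template) {
  const resources = new Set(Object.keys(template.Resources || {}));
  const offenders = [];

  // Recursive walk over the intrinsic-function tree of one condition.
  function walk(node, conditionName) {
    if (Array.isArray(node)) {
      node.forEach((child) => walk(child, conditionName));
      return;
    }
    if (node === null || typeof node !== "object") return;

    for (const [key, value] of Object.entries(node)) {
      let target = null;
      if (key === "Ref" && typeof value === "string") {
        target = value;
      } else if (key === "Fn::GetAtt") {
        // Fn::GetAtt takes [LogicalId, Attribute] or the string "LogicalId.Attribute".
        target = Array.isArray(value) ? value[0] : String(value).split(".")[0];
      }
      if (target !== null && resources.has(target)) {
        offenders.push({ condition: conditionName, resource: target, via: key });
      }
      walk(value, conditionName);
    }
  }

  for (const [name, body] of Object.entries(template.Conditions || {})) {
    walk(body, name);
  }
  return offenders;
}

// Constructed sample: the question's first template, reduced to the parts the check reads.
const questionTemplate = {
  Parameters: { BucketName: { Type: "String" } },
  Conditions: {
    BucketExistsOutput: {
      "Fn::Equals": [{ "Fn::GetAtt": ["BucketExists", "Output"] }, "False"],
    },
  },
  Resources: {
    S3BucketARN: { Type: "AWS::S3::Bucket", Condition: "BucketExistsOutput" },
    BucketExists: { Type: "Custom::BucketExists" },
  },
};

// Constructed sample: the shape of the second stack from Answer 2, which compares a
// Parameter instead and is accepted by CloudFormation.
const fixedTemplate = {
  Parameters: { BucketExistsValue: { Type: "String" } },
  Conditions: {
    BucketExistsOutput: {
      "Fn::Equals": [{ Ref: "BucketExistsValue" }, "False"],
    },
  },
  Resources: {
    S3BucketARN: { Type: "AWS::S3::Bucket", Condition: "BucketExistsOutput" },
  },
};

console.log(findResourceRefsInConditions(questionTemplate));
// → [ { condition: 'BucketExistsOutput', resource: 'BucketExists', via: 'Fn::GetAtt' } ]
console.log(findResourceRefsInConditions(fixedTemplate));
// → []
```

Running it against the question's template returns the one offending reference (`BucketExists` via `Fn::GetAtt` in `BucketExistsOutput`), which is exactly the dependency the error message names; against the two-stack variant it returns nothing.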


    【Answer 1】:

    I solved this by also making the output of that resource a condition. You can find an example in the official documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html

    【Comments】:

    • Posting the example directly in your answer would be helpful :)
    【Answer 2】:

    I was able to solve my problem by splitting the stack above into two parts.

    1. Custom lambda stack

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Parameters": {
        "ProjectId": {
          "Type": "String",
          "Description": "Name of the ProjectId."
        },
        "BucketName": {
          "Type": "String",
          "Description": "Name of the BucketName."
        }
      },
      "Resources": {
        "DeploymentLambdaRole": {
          "Type": "AWS::IAM::Role",
          "Properties": {
            "AssumeRolePolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Principal": {
                    "Service": [
                      "lambda.amazonaws.com"
                    ]
                  },
                  "Action": [
                    "sts:AssumeRole"
                  ]
                }
              ]
            },
            "Path": "/",
            "Policies": [
              {
                "PolicyName": "PermissionsToLogsAndS3",
                "PolicyDocument": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "logs:CreateLogGroup",
                        "logs:CreateLogStream",
                        "logs:PutLogEvents",
                        "logs:DescribeLogStreams"
                      ],
                      "Resource": [
                        "arn:aws:logs:*:*:*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "s3:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                }
              }
            ]
          }
        },
        "DeploymentLambda": {
          "Type": "AWS::Lambda::Function",
          "Properties": {
            "Role": {
              "Fn::GetAtt": [
                "DeploymentLambdaRole",
                "Arn"
              ]
            },
            "Handler": "bucketexists.handler",
            "Runtime": "nodejs4.3",
            "Code": {
              "S3Bucket": "xxxxxxxx",
              "S3Key": "bucketcondition.zip"
            }
          }
        },
        "BucketExists": {
          "Type": "Custom::BucketExists",
          "Properties": {
            "ServiceToken": {
              "Fn::GetAtt": [
                "DeploymentLambda",
                "Arn"
              ]
            },
            "Bucket": {
              "Ref": "BucketName"
            }
          }
        }
      },
      "Outputs": {
        "BucketExistsValue": {
          "Description": "The Value of custom bucket lambda",
          "Value": { "Fn::GetAtt": [ "BucketExists", "Output" ] }
        }
      }
    }
    

    2. Stack for the S3 bucket

    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Parameters": {
        "BucketExistsValue": {
          "Type": "String",
          "Description": "Return value of the Bucket."
        },
        "ProjectId": {
          "Type": "String",
          "Description": "Name of the Project."
        }
      },
      "Conditions": {
        "BucketExistsOutput": { "Fn::Equals": [ { "Ref": "BucketExistsValue" }, "False" ] }
      },
      "Resources": {
        "S3BucketARN": {
          "Type": "AWS::S3::Bucket",
          "Condition": "BucketExistsOutput",
          "Properties": {
            "BucketName": {
              "Fn::Join": [
                "-",
                [
                  "testpika",
                  { "Ref": "ProjectId" },
                  { "Ref": "AWS::Region" }
                ]
              ]
            }
          }
        }
      }
    }
    

    Using CodePipeline, I created two actions in the deploy stage, 1 followed by 2 (i.e. 1 -> 2). In the first stack I store the output of the custom lambda as a key-value pair in the output artifact, and in the second stack I use that output artifact to pass the custom lambda's key-value pair as an input parameter via Parameter Overrides.

    Thanks

    【Comments】:
