[Question title]: AWS Cloudformation combination of CommaDelimitedList, fn:if and fn:select
[Posted]: 2021-02-02 11:01:26
[Question]:

I am trying to create a cfn stack. The template takes one or two values as input in the Parameters section. If I pass two values and read them from the parameters in the Resources section, it works fine. But if I pass only one, it breaks.

Use case: I want to pass two values through the parameters and read them in an IAM policy. If the user passes only one value, it should use {"Ref" : "AWS::NoValue"}. But I keep getting:

Template error: Fn::Select cannot select nonexistent value at index 1

Here is the template:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Template creates a IAMUser and attach a ListALLBuckets/ReadOnly Access Policy to it.",
    "Parameters": {
        "UserName": {
            "Type": "String",
            "Description": "Enter User Name"
        },
        "S3Bucket": {
            "Type": "CommaDelimitedList",
            "Description": "Select Bucket Name to Associate with the policy",
            "Default": ""
        }
    },
    "Conditions": {
        "CreateSomeResource": {
            "Fn::Not": [{
                "Fn::Equals": [{
                        "Fn::Join": [
                            "",
                            {
                                "Ref": "S3Bucket"
                            }
                        ]
                    },
                    ""
                ]
            }]
        }
    },
    "Resources": {
        "SomeUserName": {
            "Type": "AWS::IAM::User",
            "Properties": {
                "UserName":  {  "Ref": "UserName"}
            }
        },
        "SomeUserPolicy": {
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "Groups": [],
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                            "Sid": "ListAllBuckets",
                            "Effect": "Allow",
                            "Action": [
                                "s3:ListAllMyBuckets"
                            ],
                            "Resource": "*"
                        }, {
                            "Sid": "ReadOnlyAccess",
                            "Effect": "Allow",
                            "Action": [
                                "s3:GetBucketPolicyStatus",
                                "s3:GetBucketTagging",
                                "s3:GetBucketLocation",
                                "s3:GetBucketPolicy",
                                "s3:GetObject"
                            ],
                            "Resource": [

                                {
                                    "Fn::If": [
                                        "CreateSomeResource",
                                        {
                                            "Fn::Join": ["", ["arn:aws:s3:::",
                                                {
                                                    "Fn::Select": ["0",
                                                        {
                                                            "Ref": "S3Bucket"
                                                        }
                                                    ]
                                                }
                                            ]]
                                        },
                                        {"Ref" : "AWS::NoValue"}
                                    ]
                                },

                                {
                                    "Fn::If": [
                                        "CreateSomeResource",
                                        {
                                            "Fn::Join": ["", ["arn:aws:s3:::",
                                                {
                                                    "Fn::Select": ["1",
                                                        {
                                                            "Ref": "S3Bucket"
                                                        }
                                                    ]
                                                }
                                            ]]
                                        },
                                        {"Ref" : "AWS::NoValue"}
                                    ]
                                }
                            ]
                        }

                    ]
                },
                "PolicyName": "ReadOnly",

                "Users": [{
                    "Ref": "SomeUserName"
                }]
            }
        }
    },
    "Outputs": {
        "UserName": {
            "Description": "Name of the Created User",
            "Value": {
                "Ref": "UserName"
            }
        }
    }
}

[Comments]:

    Tags: amazon-web-services amazon-s3 amazon-cloudformation amazon-iam


    [Answer 1]:

    If S3Bucket has only one value, then:

    "Fn::Select": ["1",
        {
            "Ref": "S3Bucket"
        }
    ]

    is obviously invalid. Sadly, it does not matter that you have the CreateSomeResource condition. The Fn::Select must be valid regardless of whether the condition is true or false.

    Probably the simplest solution is to pass the buckets as two separate parameters, S3Bucket1 and S3Bucket2, each with its own condition.

    [Comments]:
