Amazon cloudformation CloudFormation魔术从帐户ID列表生成ARN列表
在我的模板中,我将帐户ID的Amazon cloudformation CloudFormation魔术从帐户ID列表生成ARN列表,amazon-cloudformation,Amazon Cloudformation,在我的模板中,我将帐户ID的CommaDelimitedList作为参数传递 我希望做一些Fn::Join和/或Fn::Sub魔术来转换列表,如下所示: "Accounts" : { "Type" : "CommaDelimitedList", "Default" : "12222234,23333334,1122143234,..." } To be used in the template as a list `root` ARN's as : [ "arn:
CommaDelimitedListFn::JoinFn::Sub "Accounts" : {
"Type" : "CommaDelimitedList",
"Default" : "12222234,23333334,1122143234,..."
}
To be used in the template as a list `root` ARN's as :
[
"arn:aws:iam::12222234:root"
"arn:aws:iam::23333334:root"
"arn:aws:iam::1122143234:root"
]
任何人都有这样的现成代码吗?下面的代码可以工作,但它有一个很强的限制: 由于
Fn::Join"arn:aws:iam::xxxxx,yyyyy,zzzzzz,fffffff:root"
"Principal": {
"AWS":{
"Fn::Split" :
[",",
{"Fn::Join" : [",arn:aws:iam::",
{
"Fn::Split" :
[",",
{"Fn::Join" :
[":root,", {"Ref": "Accounts"}]}
]
}
]}
]
}
}
不太好,但比以前好 通过使用
Fn::Sub连接AWS: !Split
- ','
- !Sub
- 'arn:aws:iam::${inner}:root'
- inner: !Join
- ':root,arn:aws:iam::'
- Ref: "Accounts"
"Fn::Split": [
",",
{
"Fn::Sub": [
"arn:aws:iam::${rest}:root",
{
"rest": {
"Fn::Join": [
":root,arn:aws:iam::",
{ "Ref": "Accounts" }
]
}
}
]
}
]
几年后,我想补充一点,@borkl上面的回复基本上对我也有效,但我不得不寻求AWS支持部门对我的案例的帮助。我想我应该在这里学习 注:参数类型为CommaDelimitedList 基本上,过程是这样的:
!Split
- ","
- -!Sub
- arn:aws:iam::aws:policy/${rest}
- rest:
!Join
- ",arn:aws:iam::aws:policy/"
- !Ref AWSManagedPolicies