Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 基于条件块创建一个资源,它从cloudformation中的自定义资源获取输出?

Amazon web services 基于条件块创建一个资源,它从cloudformation中的自定义资源获取输出?

amazon-web-services amazon-cloudformation

Amazon web services 基于条件块创建一个资源,它从cloudformation中的自定义资源获取输出?,amazon-web-services,amazon-cloudformation,Amazon Web Services,Amazon Cloudformation,我正在根据从自定义资源(即True或False)获取输出的条件创建一个S3Bucket。我的堆栈模板如下所示 { "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "BucketName": { "Type": "String", "Description": "Name of the Bucket." } }, "Conditions" : { "BucketExi

我正在根据从自定义资源(即
True
False
)获取输出的条件创建一个
S3Bucket
。我的堆栈模板如下所示

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "BucketName": {
      "Type": "String",
      "Description": "Name of the Bucket."
    }
  },
  "Conditions" : {
    "BucketExistsOutput" : {"Fn::Equals" : [{ "Fn::GetAtt" : [ "BucketExists", "Output" ]}, "False"]}
  },
  "Resources": {
  "S3BucketARN": {
      "Type" : "AWS::S3::Bucket",
      "Condition" : "BucketExistsOutput",
      "Properties" : {
         "BucketName" : { "Ref" : "BucketName" }
         }
       },
    "DeploymentLambdaRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": [
                  "lambda.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path": "/",
        "Policies": [
          {
            "PolicyName": "PermissionsToLogsAndS3",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                    "logs:DescribeLogStreams"
                  ],
                  "Resource": [
                    "arn:aws:logs:*:*:*"
                  ]
                },
                {
                  "Effect": "Allow",
                  "Action": [
                    "s3:*"
                  ],
                  "Resource": [
                    "*"
                  ]
                }
              ]
            }
          }
        ]
      }
    },
    "DeploymentLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Role": {
          "Fn::GetAtt": [
            "DeploymentLambdaRole",
            "Arn"
          ]
        },
        "Handler": "bucketexists.handler",
        "Runtime": "nodejs4.3",
        "Code": {
          "S3Bucket": "xxxx-xx",
          "S3Key": "bucketcondition.zip"
        }
      }
    },
    "BucketExists": {
      "Type": "Custom::BucketExists",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "DeploymentLambda",
            "Arn"
          ]
        },
        "Bucket": {
          "Ref": "BucketName"
        }
      }
    }
  },
 "Outputs" : {
  "BucketExistsValue" : {
    "Description": "The Value of custom bucket lambda",  
    "Value" : { "Fn::GetAtt" : [ "BucketExists", "Output" ]} 
  }
}
}
这是在抛出这样的错误

模板无效:模板格式错误:未解析的依赖项 [BucketExists]。无法引用的条件块中的资源 模板

也就是说我不能指向我的条件块中的资源

我怎样才能解决这个问题?他们有什么解决办法吗?

谢谢
非常感谢您的帮助

我可以通过将上面的堆栈分为两部分来解决我的问题

1。用于定制lambda的堆栈

{
      "AWSTemplateFormatVersion": "2010-09-09",
      "Parameters": {
        "ProjectId": {
          "Type": "String",
          "Description": "Name of the ProjectId."
        },
         "BucketName": {
          "Type": "String",
          "Description": "Name of the BucketName."
        }
      },
      "Resources": {
        "DeploymentLambdaRole": {
          "Type": "AWS::IAM::Role",
          "Properties": {
            "AssumeRolePolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Principal": {
                    "Service": [
                      "lambda.amazonaws.com"
                    ]
                  },
                  "Action": [
                    "sts:AssumeRole"
                  ]
                }
              ]
            },
            "Path": "/",
            "Policies": [
              {
                "PolicyName": "PermissionsToLogsAndS3",
                "PolicyDocument": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "logs:CreateLogGroup",
                        "logs:CreateLogStream",
                        "logs:PutLogEvents",
                        "logs:DescribeLogStreams"
                      ],
                      "Resource": [
                        "arn:aws:logs:*:*:*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "s3:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                }
              }
            ]
          }
        },
        "DeploymentLambda": {
          "Type": "AWS::Lambda::Function",
          "Properties": {
            "Role": {
              "Fn::GetAtt": [
                "DeploymentLambdaRole",
                "Arn"
              ]
            },
            "Handler": "bucketexists.handler",
            "Runtime": "nodejs4.3",
            "Code": {
              "S3Bucket": "xxxxxxxx",
              "S3Key": "bucketcondition.zip"
            }
          }
        },
        "BucketExists": {
          "Type": "Custom::BucketExists",
          "Properties": {
            "ServiceToken": {
              "Fn::GetAtt": [
                "DeploymentLambda",
                "Arn"
              ]
            },
            "Bucket": {
              "Ref": "BucketName"
            }
          }
        }
      },
     "Outputs" : {
      "BucketExistsValue" : {
        "Description": "The Value of custom bucket lambda",  
        "Value" : { "Fn::GetAtt" : [ "BucketExists", "Output" ]}    
      }
    }
    }
2。S3存储桶的堆栈

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "BucketExistsValue": {
      "Type": "String",
      "Description": "Return value of the Bucket."
    },
     "ProjectId": {
      "Type": "String",
      "Description": "Name of the Project."
    }
  },
  "Conditions" : {
    "BucketExistsOutput" : {"Fn::Equals" : [{ "Ref" :"BucketExistsValue" }, "False"]}
  },
  "Resources": {
  "S3BucketARN": {
      "Type" : "AWS::S3::Bucket",
      "Condition" : "BucketExistsOutput",
      "Properties" : {
         "BucketName" : {  "Fn::Join": [
                            "-",
                            [
                                "testpika",
                                {
                                    "Ref": "ProjectId"
                                },
                                {
                                    "Ref": "AWS::Region"
                                }
                            ]
                        ] }
         }
       }
  }
}
使用
codepippeline
我在部署阶段1中创建了两个操作,然后是2(即1->2)。在第一个堆栈中,我将自定义lambda的输出作为键值对存储在输出工件中,在第二个堆栈中,我将使用输出工件将自定义lambda键值对作为输入参数传递

谢谢

我可以通过将上面的堆栈分为两部分来解决我的问题

1。用于定制lambda的堆栈

{
      "AWSTemplateFormatVersion": "2010-09-09",
      "Parameters": {
        "ProjectId": {
          "Type": "String",
          "Description": "Name of the ProjectId."
        },
         "BucketName": {
          "Type": "String",
          "Description": "Name of the BucketName."
        }
      },
      "Resources": {
        "DeploymentLambdaRole": {
          "Type": "AWS::IAM::Role",
          "Properties": {
            "AssumeRolePolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Principal": {
                    "Service": [
                      "lambda.amazonaws.com"
                    ]
                  },
                  "Action": [
                    "sts:AssumeRole"
                  ]
                }
              ]
            },
            "Path": "/",
            "Policies": [
              {
                "PolicyName": "PermissionsToLogsAndS3",
                "PolicyDocument": {
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Effect": "Allow",
                      "Action": [
                        "logs:CreateLogGroup",
                        "logs:CreateLogStream",
                        "logs:PutLogEvents",
                        "logs:DescribeLogStreams"
                      ],
                      "Resource": [
                        "arn:aws:logs:*:*:*"
                      ]
                    },
                    {
                      "Effect": "Allow",
                      "Action": [
                        "s3:*"
                      ],
                      "Resource": [
                        "*"
                      ]
                    }
                  ]
                }
              }
            ]
          }
        },
        "DeploymentLambda": {
          "Type": "AWS::Lambda::Function",
          "Properties": {
            "Role": {
              "Fn::GetAtt": [
                "DeploymentLambdaRole",
                "Arn"
              ]
            },
            "Handler": "bucketexists.handler",
            "Runtime": "nodejs4.3",
            "Code": {
              "S3Bucket": "xxxxxxxx",
              "S3Key": "bucketcondition.zip"
            }
          }
        },
        "BucketExists": {
          "Type": "Custom::BucketExists",
          "Properties": {
            "ServiceToken": {
              "Fn::GetAtt": [
                "DeploymentLambda",
                "Arn"
              ]
            },
            "Bucket": {
              "Ref": "BucketName"
            }
          }
        }
      },
     "Outputs" : {
      "BucketExistsValue" : {
        "Description": "The Value of custom bucket lambda",  
        "Value" : { "Fn::GetAtt" : [ "BucketExists", "Output" ]}    
      }
    }
    }
2。S3存储桶的堆栈

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "BucketExistsValue": {
      "Type": "String",
      "Description": "Return value of the Bucket."
    },
     "ProjectId": {
      "Type": "String",
      "Description": "Name of the Project."
    }
  },
  "Conditions" : {
    "BucketExistsOutput" : {"Fn::Equals" : [{ "Ref" :"BucketExistsValue" }, "False"]}
  },
  "Resources": {
  "S3BucketARN": {
      "Type" : "AWS::S3::Bucket",
      "Condition" : "BucketExistsOutput",
      "Properties" : {
         "BucketName" : {  "Fn::Join": [
                            "-",
                            [
                                "testpika",
                                {
                                    "Ref": "ProjectId"
                                },
                                {
                                    "Ref": "AWS::Region"
                                }
                            ]
                        ] }
         }
       }
  }
}
使用
codepippeline
我在部署阶段1中创建了两个操作,然后是2(即1->2)。在第一个堆栈中,我将自定义lambda的输出作为键值对存储在输出工件中,在第二个堆栈中,我将使用输出工件将自定义lambda键值对作为输入参数传递

谢谢

我通过将该资源的输出设置为有条件的来解决这个问题。
您可以在官方文档的示例中找到该示例:

我通过将该资源的输出设置为有条件的来解决此问题。
您可以在官方文档的示例中找到示例:

直接在您的答案中发布示例会很有帮助:)直接在您的答案中发布示例会很有帮助:)对于任何不想使用CodePipeline来实现这一点的人,您应该能够使用嵌套堆栈来完成同样的事情。在第一个模板(“stackforcustomlambda”)中,只需创建一个使用第二个模板的
Stack
资源。将
BucketExistsValue
作为参数传递给子堆栈;第二个模板中不需要任何更改。AWS文档:对于任何不想使用CodePipeline来实现这一点的人,您应该能够使用嵌套堆栈来完成同样的事情。在第一个模板(“stackforcustomlambda”)中,只需创建一个使用第二个模板的
Stack
资源。将
BucketExistsValue
作为参数传递给子堆栈;第二个模板中不需要任何更改。AWS文件: