Amazon web services 自定义资源的堆栈策略
我已经这样定义了cloudformation模板:Amazon web services 自定义资源的堆栈策略,amazon-web-services,amazon-cloudformation,amazon-cognito,Amazon Web Services,Amazon Cloudformation,Amazon Cognito,我已经这样定义了cloudformation模板: AWSTemplateFormatVersion: 2010-09-09 Description: Auth stack Transform: AWS::Serverless-2016-10-31 Parameters: DeveloperProviderName: Description: Developer provider name Type: String Conditions: Never: !Eq
AWSTemplateFormatVersion: 2010-09-09
Description: Auth stack
Transform: AWS::Serverless-2016-10-31
Parameters:
DeveloperProviderName:
Description: Developer provider name
Type: String
Conditions:
Never:
!Equals [ "true", "false" ]
Resources:
CognitoIdentityPool:
Type: Custom::CognitoIdentityPool
Version: '1.0'
Properties:
IdentityPoolName: !Sub "${AWS::StackName}-cognito-idp"
DeveloperProviderName: !Ref DeveloperProviderName
ServiceToken: !GetAtt CreateIdentityPoolFunction.Arn
.
.
more stuff here for the lambda function etc
.
.
然后我想添加堆栈策略并拒绝替换和删除:
{
"Statement": [
{
"Effect": "Allow",
"Action": "Update:*",
"Principal": "*",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": [
"Update:Replace",
"Update:Delete"
],
"Principal": "*",
"Resource": "*",
"Condition": {
"StringEquals": {
"ResourceType": [
"Custom::CognitoIdentityPool"
]
}
}
}
]
}
以下是我设置堆栈策略的方式:
aws cloudformation set-stack-policy \
--stack-name ${stackName} \
--stack-policy-body file://${policyPath}
An error occurred (ValidationError) when calling the SetStackPolicy operation: Error validating stack policy: Unknown resource type 'Custom::CognitoIdentityPool' in statement {}
这是我在设置堆栈策略时遇到的错误:
aws cloudformation set-stack-policy \
--stack-name ${stackName} \
--stack-policy-body file://${policyPath}
An error occurred (ValidationError) when calling the SetStackPolicy operation: Error validating stack policy: Unknown resource type 'Custom::CognitoIdentityPool' in statement {}
您知道如何使用堆栈策略保护这些自定义资源吗?我认为您不能使用自定义资源。委员会: 指定应用于的策略。要指定特定资源的逻辑ID,请使用Resource元素
其中“资源类型”是AWS提供的资源类型之一。据我所知,没有解决方案。@STAVROSZAVRAKA是其自定义资源,因此您可以对其进行编程以忽略任何删除或更新。但除此之外,我不知道还有什么更好的解决办法。