Amazon web services 模板错误:函数实例引用未定义的资源
背景 我正试图通过云形成为代码构建添加服务角色。 我不断得到以下错误,但我不知道如何修复它 未能创建更改集:服务生更改集创建完成失败: 服务员遇到终端故障状态:失败。原因: 模板错误:Fn::GetAtt的实例引用了未定义的资源 代码构建服务角色 我有以下文件,其中包含我的代码构建配置Amazon web services 模板错误:函数实例引用未定义的资源,amazon-web-services,aws-codebuild,Amazon Web Services,Aws Codebuild,背景 我正试图通过云形成为代码构建添加服务角色。 我不断得到以下错误,但我不知道如何修复它 未能创建更改集:服务生更改集创建完成失败: 服务员遇到终端故障状态:失败。原因: 模板错误:Fn::GetAtt的实例引用了未定义的资源 代码构建服务角色 我有以下文件,其中包含我的代码构建配置 Mappings: 'Fn::Transform': Name: 'AWS::Include' Parameters: Location: s3://source-code-for
Mappings:
'Fn::Transform':
Name: 'AWS::Include'
Parameters:
Location: s3://source-code-for-download-by-ec2s/include.yaml
Parameters:
RepositoryBranch:
Type: String
Description: git branch to test and deploy
OAuthToken:
Type: String
Description: >
OAuth Token for this code pipeline to connect to GitHub to download the source code
when the webhook publishes a push event
NoEcho: true
Resources:
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub 'xxxxxxx-dev-branch-${XXXXXXXXX}-xxxx'
Artifacts:
Type: S3
Location: 'xxxxxxxxx'
Path: !Sub 'XXXXXXXXXX/${XXXXXXXX}'
Name: 'repo.zip'
Packaging: ZIP
BadgeEnabled: true
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: 'abcxxxxxxxxxxxxxxxxabcxxxxxxxxxxxxxxxxxxabcxxxxxxxxxx'
ImagePullCredentialsType: SERVICE_ROLE
Type: LINUX_CONTAINER
PrivilegedMode: true
LogsConfig:
CloudWatchLogs:
Status: ENABLED
ServiceRole: !GetAtt CodeBuildServiceRole.Arn
Source:
Type: GITHUB
Auth:
Type: OAUTH
Resource: !Sub '${OAuthToken}'
Location: 'https://github.com/xxxxxxxxxx/xxxxxxxxxxxxxxxx-xxxxxxxxxx.git'
GitCloneDepth: 0 # no need to download git version history with the repo, just grab the latest version of this branch
ReportBuildStatus: true
SourceVersion: !Ref RepositoryBranch
TimeoutInMinutes: 60
AWSTemplateFormatVersion: 2010-09-09
Resources:
CodeBuildServiceRole:
Type: AWS::IAM::Role
Properties:
RoleName: AWSCodeBuildServiceRole-role-created-by-cloudformation
AssumeRolePolicyDocument: '{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "codebuild.amazonaws.com"
}
}
]
}'
ManagedPolicyArns: [!Ref CodeBuildServiceRolePolicy]
Path: /service-role/
CodeBuildServiceRolePolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
ManagedPolicyName: AWSCodeBuildServiceRole-policy-created-by-cloudformation
Description: 'Policy meant for CodeBuild service role that CodeBuild runs-as to deploy code from Github to S3'
PolicyDocument: '{
"Statement": [
{
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"cloudformation.amazonaws.com",
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
}
}
},
{
"Action": [
"codebuild:*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codedeploy:CreateDeployment",
"codedeploy:GetApplication",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:RegisterApplicationRevision"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"lambda:InvokeFunction",
"lambda:ListFunctions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"opsworks:CreateDeployment",
"opsworks:DescribeApps",
"opsworks:DescribeCommands",
"opsworks:DescribeDeployments",
"opsworks:DescribeInstances",
"opsworks:DescribeStacks",
"opsworks:UpdateApp",
"opsworks:UpdateStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"devicefarm:ListProjects",
"devicefarm:ListDevicePools",
"devicefarm:GetRun",
"devicefarm:GetUpload",
"devicefarm:CreateUpload",
"devicefarm:ScheduleRun"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:ListProvisioningArtifacts",
"servicecatalog:CreateProvisioningArtifact",
"servicecatalog:DescribeProvisioningArtifact",
"servicecatalog:DeleteProvisioningArtifact",
"servicecatalog:UpdateProduct"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudformation:ValidateTemplate"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:DescribeImages"
],
"Resource": "*"
}
],
"Version": "2012-10-17"
}'
Outputs:
CodeBuildServiceRoleExportThingArn:
Description: 'ARN of code-build service role, to be imported by CodeBuild stacks'
Value: !GetAtt CodeBuildServiceRole.Arn
Export:
Name: CodeBuildServiceRoleArn
这两个文件都在同一个目录中,因此我不确定为什么会出现此错误。我想输入一些信息,因为我已经在这个目录上停留了一段时间。我没有看到任何地方嵌套堆栈,所以我假设这是两个不同的堆栈?在这种情况下,您不能只引用另一个堆栈中的实体——它们彼此都不知道。但是您可以使用CFN内部函数来获取堆栈输出 请记住,必须首先运行带有
CodeBuildServiceRoleResources:
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
ServiceRole: !ImportValue CodeBuildServiceRoleArn
你修正了这个错误了吗?哪个堆栈给了你这个错误?导出值的那个,还是导入值的那个?我不好,我用相同的堆栈名创建了两个堆栈,这就是我现在好的原因