我想为此资源提供2个存在于堆栈外部的安全组,以及作为堆栈一部分创建的安全组...
我已尝试过以下内容并收到错误:
属性值SecurityGroups的类型为List of String
SecurityGroups:
- !FindInMap [ envMap, !Ref env, securityGroups ]
- !GetAtt SG.GroupId
供参考,这是我的地图
Mappings:
envMap:
qa:
"securityGroups":
- sg-xxxxxxxx
- sg-yyyyyyyy
这是资源
LoadBalancer:
Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
Properties:
Name: !Join
- '-'
- - 'OR'
- 'ALB'
- !Ref env
Scheme: internal
SecurityGroups: !FindInMap [ envMap, !Ref env, securityGroups ]
Subnets: !FindInMap [ envMap, !Ref env, subnets ]
Type: application
IpAddressType: ipv4
编辑:这是我的固定代码
"securityGroups": 'sg-xxxxxx,sg-yyyyyy'
LoadBalancer:
Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
Properties:
Name: !Join
- '-'
- - !Ref appname
- 'ALB2'
- !Ref env
Scheme: !FindInMap [ envMap, !Ref env, inorex ]
SecurityGroups: !Split
- ','
- !Join
- ','
- - !Ref SG
- !FindInMap [ envMap, !Ref env, securityGroups ]
Subnets: !FindInMap [ envMap, !Ref env, exsubnets ]
Type: application
IpAddressType: ipv4`
答案 0 :(得分:0)
为了将额外的安全组添加到Fn :: FindInMap函数提供的字符串值列表中,我们需要使用Fn :: FindInMap的返回值构造一个新的字符串值列表,并使用其他安全组添加Fn :: Sub函数。
Parameters:
env:
Default: qa
Type: String
Mappings:
envMap:
qa:
securityGroups: 'sg-xxxxxxxx,sg-xxxxxxxx'
sub:
subnets: 'subnet-xxxxxxxx,subnet-xxxxxxxx'
Resources:
LoadBalancer:
Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
Properties:
Name: !Join
- '-'
- - OR
- ALB
- !Ref env
Scheme: internal
SecurityGroups: !Split
- ','
- !Sub
- 'sg-xxxxxxx,${mappedGroup}'
- mappedGroup: !FindInMap
- envMap
- !Ref env
- securityGroups
Subnets: !Split
- ','
- !FindInMap
- envMap
- sub
- subnets
Type: application
IpAddressType: ipv4