After a lot of research and frustration, I am not getting the output I hoped for.
The desired output in the file is, for example,
"accessKeyId":"UIIUHO]SOMEKEY[SHPIUIUHIU"
but what I get is
accessKeyId:UIIUHO]SOMEKEY[SHPIUIUHIU
Here is the line from the AWS CloudFormation template:
{"Fn::Join": ["", ["echo \" accessKeyId:", {"Ref": "AccessKeyId"}, "\" >> /home/ubuntu/myfile.json"] ] },
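I tried adding \" in the echo statement, but no quotes are output. Can anyone explain how to produce the desired output above?
Answer 0 (score: 7)
In fact, this is a matter of escaping the quotes correctly.
The reason: \" in a CloudFormation string is escaped to " (a double quote).
For example, "hello \"me\"" gives you:
hello "me"
In your line, what you are really giving bash is: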
echo " accessKeyId:XXXXX" >> /home/ubuntu/myfile.json
Given how bash uses quotes, you get the string
accessKeyId:XXXXX
in /home/ubuntu/myfile.json
To solve your problem, I suggest you use:
{"Fn::Join": ["", ["echo '\"accessKeyId\":\"", {"Ref": "AccessKeyId"}, "\"' >> /home/ubuntu/myfile.json"] ] },
which escapes to
echo '"accessKeyId":"XXXXX"' >> /home/ubuntu/myfile.json
(Hard to read: the whole string used by echo is inside single quotes.)
I can't try it right now, but it should do the trick.
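Added example, not part of either answer: the Python sketch below replays the two unescaping layers described above (JSON decoding of the template string, then shell quote removal) for both the original line and the suggested one. The sample value XXXXX, the helper names, and the use of shlex as a stand-in for bash word splitting are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample value standing in for the AccessKeyId parameter.
SAMPLE_PARAMS = {"AccessKeyId": "XXXXX"}

# The two template lines from the page as raw JSON text (r''' keeps the backslashes).
ORIGINAL = r'''{"Fn::Join": ["", ["echo \" accessKeyId:", {"Ref": "AccessKeyId"}, "\" >> /home/ubuntu/myfile.json"]]}'''
FIXED = r'''{"Fn::Join": ["", ["echo '\"accessKeyId\":\"", {"Ref": "AccessKeyId"}, "\"' >> /home/ubuntu/myfile.json"]]}'''


def render_join(template_json, params):
    """Layer 1: JSON decoding turns \\" into ", then Fn::Join concatenates the parts."""
    delimiter, parts = json.loads(template_json)["Fn::Join"]
    resolved = [params[p["Ref"]] if isinstance(p, dict) else p for p in parts]
    return delimiter.join(resolved)


def echo_output(command):
    """Layer 2: POSIX quote removal; returns the text echo would append to the file."""
    words = shlex.split(command)       # shlex treats '>>' as an ordinary word
    if words[0] != "echo":
        raise ValueError("expected an echo command")
    redirect = words.index(">>")       # raises ValueError if there is no redirect
    return " ".join(words[1:redirect])


def safe_inside_single_quotes(value):
    """The single-quoted form only holds if the substituted value has no single quote."""
    return "'" not in value


if __name__ == "__main__":
    for name, line in (("original", ORIGINAL), ("fixed", FIXED)):
        command = render_join(line, SAMPLE_PARAMS)
        print(name, "| shell sees:", command)
        print(name, "| file gets: ", echo_output(command))
```

Because the parameter value is pasted into a shell command, constraining it in the template (for example with AllowedPattern on the parameter) keeps the single-quoted form intact.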
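Answer 1 (score: 0)
If you are trying to generate a file on an EC2 instance launched by CloudFormation, I suggest the following approach:
In the "Resources" section (adjust your policy accordingly):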
"User": {
  "Type": "AWS::IAM::User",
  "Properties": {
    "Path": "/",
    "Policies": [
      {
        "PolicyName": "AllPrivileges",
        "PolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "*"
              ],
              "Resource": [ "*" ]
            }
          ]
        }
      }
    ]
  }
},
"AccessKey" : {
  "Type" : "AWS::IAM::AccessKey",
  "Properties" : {
    "UserName" : { "Ref" : "User" }
  }
},
In the EC2 instance resource section:
"Metadata" : {
  "AWS::CloudFormation::Init" : {
    "config" : {
      "files" : {
        "/home/ec2-user/.aws/config" : {
          "content" : { "Fn::Join" : ["", [
            "[profile eb-cli]", "\n",
            "aws_access_key_id = ", { "Ref" : "AccessKey" }, "\n",
            "aws_secret_access_key = ", { "Fn::GetAtt" : [ "AccessKey", "SecretAccessKey" ] }, "\n"
          ]]},
          "mode" : "000600",
          "owner" : "ec2-user",
          "group" : "ec2-user"
        }
      },
Adding double quotes to the output should be as simple as escaping them, for example
      "files" : {
        "/home/ec2-user/.aws/config" : {
          "content" : { "Fn::Join" : ["", [
            "[profile eb-cli]", "\n",
            "\"aws_access_key_id\" = \"", { "Ref" : "AccessKey" }, "\"", "\n",
            "\"aws_secret_access_key\" = \"", { "Fn::GetAtt" : [ "AccessKey", "SecretAccessKey" ] }, "\"", "\n"
          ]]},
          "mode" : "000600",
          "owner" : "ec2-user",
          "group" : "ec2-user"
        }
      },
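But the AWS CLI and SDK configuration files do not need this.
To trigger the AWS::CloudFormation::Init section of the template, you must call cfn-init explicitly.
I usually do this from the user data section: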
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
  "#!/bin/bash -x\n",
  "exec &> /home/ec2-user/userdata.log\n",
  "/opt/aws/bin/cfn-init --region ", { "Ref" : "AWS::Region" }, " -s ", { "Ref" : "AWS::StackId" }, " -r DockerInstance -v\n",
  "/opt/aws/bin/cfn-signal -e $? ", { "Fn::Base64" : { "Ref" : "WaitConditionHandle" }}, "\n"
]] } }