我创建了一个嵌套的cloudformation堆栈,在这种情况下引用了一个Lambda子堆栈。 因为我有多个LambdaFunction,所以我在Lambda子节点中设计了LambdaFunction资源 模板,以便它可以在父模板中指定的所有Lambda函数中重复相同的操作。
但是,一旦执行create-stack
:Template error: every Fn::GetAtt object requires two non-empty parameters, the resource name and the resource attribute
,我就会收到以下错误,它指向Lambda Child模板。
我尝试添加一个 DependsOn子句,其中列出了所有LambdaExecutionRoles,因为LambdaFunction引用了那些,但是 似乎没有解决问题。因此,接收LambdaName参数会出错 或者抓住Arn。有什么想法吗?
父模板的部分:
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
AlignmentLambdaFuncS3BucketName:
Type: String
AlignmentLambdaFuncS3KeyName:
Type: String
AlignmentLambdaFuncModuleName:
Type: String
HaploLambdaFuncS3BucketName:
Type: String
HaploLambdaFuncS3KeyName:
Type: String
HaploLambdaFuncModuleName:
Type: String
Resources:
AlignmentLambdaFunction:
Type: "AWS::CloudFormation::Stack"
Properties:
Parameters:
LambdaName: Alignment
BucketName: LambdaFuncS3BucketName
S3KeyName: LambdaFuncS3KeyName
ModuleName: LambdaFuncModuleName
TemplateURL: https://s3.amazonaws.com/CFNTemplate/lambda_resources.stack.yaml
TimeoutInMinutes: 1
HaploLambdaFunction:
Type: "AWS::CloudFormation::Stack"
Properties:
Parameters:
LambdaName: Haplo
BucketName: LambdaFuncS3BucketName
S3KeyName: LambdaFuncS3KeyName
ModuleName: LambdaFuncModuleName
TemplateURL: https://s3.amazonaws.com/CFNTemplate/lambda_resources.stack.yaml
TimeoutInMinutes: 1
Lambda子模板的部分:
AWSTemplateFormatVersion: '2010-09-09'
Description: lambda function and execution role stack.
Parameters:
LambdaName:
Type: String
BucketName:
Type: String
S3KeyName:
Type: String
ModuleName:
Type: String
KMSAdminUserARN:
Type: String
KMSEndUserARN:
Type: String
Resources:
LambdaFunction:
Type: "AWS::Lambda::Function"
Properties:
Handler: !Sub '${LambdaName}-{ModuleName}.handler'
Role:
Fn::GetAtt: [ !Sub '${LambdaName}LambdaExecutionRole', Arn ]
Code:
S3Bucket: !Sub '${LambdaName}{BucketName}'
S3Key: !Sub '${LambdaName}{S3KeyName}'
Runtime: "python3.6"
AlignmentLambdaExecutionRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: "sts:AssumeRole"
Policies:
- PolicyName: CanListBuckets
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "s3:GetBucketLocation"
- "s3:ListAllMyBuckets"
Resource: "arn:aws:s3:::*"
- PolicyName: CanCallBatch
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "batch:*"
Resource: "*"
- PolicyName: CanLog
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:*
Resource: arn:aws:logs:*:*:*
HaploLambdaExecutionRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: "sts:AssumeRole"
Policies:
- PolicyName: CanListBuckets
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "s3:GetBucketLocation"
- "s3:ListAllMyBuckets"
Resource: "arn:aws:s3:::*"
- PolicyName: CanCallBatch
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- "batch:*"
Resource: "*"
- PolicyName: CanLog
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- logs:*
Resource: arn:aws:logs:*:*:*
答案 0 :(得分:1)
不幸的是,你不能在Sub
的逻辑资源名称中使用任何函数(例如Fn::GetAtt
):
对于Fn :: GetAtt逻辑资源名称,您不能使用函数。您必须指定一个作为资源逻辑ID的字符串。