我有一个嵌套的CloudFormation模板,该模板从其根模板接受许多参数来对其进行配置。目前,我只传递简单的字符串参数,但现在我需要将S3存储桶ARN列表传递到子模板上。
ChildLambdaStack:
Type: AWS::CloudFormation::Stack
Properties:
Parameters:
AwsRegion: !Ref AwsRegion
Environment: !Ref Environment
Product: !Ref Product
S3Buckets: "arn:aws:s3:::bucket1,arn:aws:s3:::bucket2"
TemplateURL: "https://s3.amazonaws.com/child-template.yml"
然后在子模板中,我有这个
AWSTemplateFormatVersion: "2010-09-09"
Description: "Child Lambda"
Parameters:
AwsRegion:
Type: String
Environment:
Type: String
Product:
Type: String
S3Buckets:
Type: String
Resources:
DeployerPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:DeleteObject
- s3:CreateBucket
- s3:DeleteBucket
- s3:ListBucket
- s3:PutBucketNotification
Resource:
- Fn::Split:
- ","
- !Ref S3Buckets
我的想法是,我要输入的S3存储桶ARN列表会像这样子模板中扩展
Resource:
- arn:aws:s3:::bucket1
- arn:aws:s3:::bucket2
但是当我运行模板时,它只会出错
Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument)
我尝试了其他变体,例如使用CommaDelimitedList参数类型,但没有任何效果。有没有简单的方法可以将字符串列表作为参数传递?
答案 0 :(得分:1)
由于!Split的返回值为A list of string values.,因此我将通过以下方式进行操作:
[...]
Resource: !Split [",", !Ref S3Buckets]
[...]
答案 1 :(得分:1)
正如@MaiKaY所指出的那样,@Liam Mayfair代码中的缺陷在于,Fn::Split之前是-,导致列表中包含单个元素,该元素是清单。固定代码看起来像
...
Resource:
Fn::Split:
- ","
- !Ref S3Buckets
更一般地说,在使用String时,必须确保使用CommaDelimitedList而不是Fn::Split的参数类型,因为它不会拆分CommaDelimitedList。
CommaDelimitedList与Fn::Split一起使用,则会出现错误Template error: every Fn::Split object requires two parameters, (1) a string delimiter and (2) a string to be split or a function that returns a string to be split CommaDelimitedList的情况下使用Fn::Split,则会收到错误消息Syntax errors in policy