使用AWS CLI启动CloudFormation模板时的可选参数

时间:2018-10-24 21:59:55

标签: amazon-web-services aws-lambda amazon-cloudformation

我正在尝试创建一个CloudFormation模板,该模板将部署Lambda函数,并且我需要安全性选项作为可选参数。

我能够使用此处的问题部分完成此任务:

How to make a whole object in CloudFormation templates optional?

有趣的是,该方法非常有用,可以在AWS GUI控制台中将VpcConfig属性设置为可选,但不能将其设置为CLI的可选。不幸的是,我需要它在CLI中运行,因为我将使用CodeBuild来调用和部署此模板的资源。

以下是相关参数:

"SecurityGroupIds" : {
   "Type" : "CommaDelimitedList",
   "Description" : "A list of one or more security groups IDs in the VPC that includes the resources to which your Lambda function requires access."
 },
 "SubnetIds" : {
   "Type" : "CommaDelimitedList",
   "Description" : "A list of one or more subnet IDs in the VPC that includes the resources to which your Lambda function requires access."
 }

条件:

    "HasVPC": {"Fn::And": [{"Fn::Not": [{"Fn::Equals": [{"Fn::Join": ["", {"Ref": "SubnetIds"}]}, ""]}]}, {"Fn::Not": [{"Fn::Equals": [{"Fn::Join": ["", {"Ref": "SecurityGroupIds"}]}, ""]}]}]}

这是在模板的“资源”部分中定义的Lambda资源中使用该条件的位置:

"VpcConfig": {
  "Fn::If": [
    "HasVPC",
    {
      "SecurityGroupIds" : {"Ref": "SecurityGroupIds"},
      "SubnetIds" : {"Ref": "SubnetIds"}
    },
    { "Ref":"AWS::NoValue" }
  ]
},

当我发出命令在CLI中部署此堆栈时,出现以下错误:

  

调用CreateChangeSet时发生错误(ValidationError)   操作:参数:[SecurityGroupIds,SubnetIds]必须具有值

这是我正在从模板所在的同一目录发出的AWS CLI命令。注意:ARN值已全部修改为不是我帐户中的真实值,但是我将它们保留为正确的格式,以便您可以看到命令的真实格式:

aws cloudformation deploy --template-file lambda-template.json --stack-name "CLI-lambda-stack" --parameter-overrides S3BucketName="myBucket" S3FileLocation="lambda_function.zip" S3ObjectVersion="ZuB0iueEghOyh5q00.DiykLNudujdsc5" DeadLetterArn="arn:aws:sns:us-west-2:577898337216:CloudFormationTests" EnvironmentVariable="testing" KmsKeyArn="arn:aws:kms:us-west-2:504398934246:key/b24e7b72-a94d-6a3e-b848-165115c86212" HandlerFunctionName="lambda_function.lambda_handler" MemorySize="128" Role="arn:aws:iam::102893937243:role/serverless-test-default-us-east-1-lambdaRole" FuncName="myCLILambda"

1 个答案:

答案 0 :(得分:1)

您既没有提供SecurityGroupIds也没有提供SubnetIds默认值,也没有在--parameter-overrides上提供它们。因此,如果没有提供任何值,CloudFormation不知道如何处理它们。

添加Default语句应该可以解决问题:

{
  "Parameters" : {
    "SecurityGroupIds" : {
      "Type" : "CommaDelimitedList",
      "Description" : "A list of one or more security groups IDs in the VPC that includes the resources to which your Lambda function requires access.",
      "Default" : ""
    },
    "SubnetIds" : {
      "Type" : "CommaDelimitedList",
      "Description" : "A list of one or more subnet IDs in the VPC that includes the resources to which your Lambda function requires access.",
      "Default" : ""
    }
}
相关问题
最新问题