我创建了一个CDK堆栈,该堆栈将部署在多个区域中。其中一种构造只能部署在一个区域中。在Cloudformation中,我只是向资源添加条件,但是我还没有找到一种对CDK构造进行类似操作的方法。
可以定义一个CfnCondition并将其添加到CfnResource中,但是我如何为lambda函数之类的构造添加条件?
答案 0 :(得分:2)
下面是一个如何为iam.User实现这一目标的示例:
// Create a CloudFormation condition on the region
const regionCondition = new cdk.CfnCondition(this, 'RegionCondition', {
expression: cdk.Fn.conditionEquals(cdk.Stack.of(this).region, 'eu-west-1'),
});
// Create the user using the L2 construct
const user = new iam.User(this, 'User');
// Add the condition on the underlying AWS::IAM::User
(user.node.defaultChild as iam.CfnUser).cfnOptions.condition = regionCondition
答案 1 :(得分:0)
下面是一个如何为iam.Role实现这一目标的示例:
const role = new iam.Role(this, "TestRole", {...});
const conditionKey = "AssumeRolePolicyDocument.Statement.0.Condition.ForAnyValue:StringLike";
const conditionValue = {
"aws:userid": [
"user1@company.com",
"user2@company.com",
],
};
const roleRef = role.node.defaultChild as iam.CfnRole;
roleRef.addPropertyOverride(conditionKey, conditionValue);