AWS CFT Fn :: Sub与数组

时间:2020-03-16 20:04:47

标签: amazon-web-services amazon-s3 amazon-cloudformation intrinsics

本着DRY的精神,我正在更新旧版S3 + CFT JSON脚本,该脚本可在多个环境(Dev,QA和Prod)中控制S3策略。该代码的原始作者为每种环境重复了每组角色...

(代码的粗略输入)

{
   "Parameters" : {
      "Mappings" : {
         "dev" : {
            "us-east-1" : {
               "userRole0" : "aws:1234:role/user0",
               "userRole1" : "aws:1234:role/user1",
               "userRole2" : "aws:1234:role/user2"
            }
         }
         "qa" : {
            "us-east-1" : {
               "userRole0" : "aws:5678:role/user0",
               "userRole1" : "aws:5678:role/user1",
               "userRole2" : "aws:5678:role/user2"
            }
         }
         "prod" : {
            "us-east-1" : {
               "userRole0" : "aws:9012:role/user0",
               "userRole1" : "aws:9012:role/user1",
               "userRole2" : "aws:9012:role/user2"
            }
         }
      }
   }
}

... 

{ "Fn:FindInMap: [ {"Ref" : "ENV"}, {"Ref : "AWS::Region"}, "userRole0" ] },
{ "Fn:FindInMap: [ {"Ref" : "ENV"}, {"Ref : "AWS::Region"}, "userRole1" ] },
{ "Fn:FindInMap: [ {"Ref" : "ENV"}, {"Ref : "AWS::Region"}, "userRole2" ] }

本着不重复的精神,这在我更新数据时一直在困扰我。而且我很难找到用于本征函数的任何测试工具...

问。我可以在映射中的字符串数组上使用Fn::Sub吗? 

{
   "Parameters" : {
      "Mappings" : {
         "roles" : [
            "aws:${id}:role/user0",
            "aws:${id}:role/user1",
            "aws:${id}:role/user2"
         ],
         "envID" : {
            "dev" : "1234",
            "qa"  : "5678",
            "prod": "9012"
         }
      }
   }
}

... 

{ "Fn::Sub" : [ "Fn:FindInMap" : ["roles"], { "id", "Fn:FindInMap" : ["endID", {"Ref" : "ENV"}] }]

0 个答案:

没有答案
相关问题
最新问题