我正在查看条件函数Fn::If:,以仅在条件评估为true时创建或供应资源。就我而言,如果环境是prod,请创建一个策略。
Parameters:
Env:
Description: Environment
Type: String
Conditions:
IsProd: !Equals [!Ref Env, 'prod']
我知道如何针对某个属性执行此操作,但不针对整个资源块执行该操作。
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: '*'
Resource: '*'
Roles:
- !Ref RootRole
这可能吗?
答案 0 :(得分:2)
您可以使用 Condition:资源属性来做到这一点。例如:
Resources:
MyIAMPolicy:
Condition: IsProd
Type: 'AWS::IAM::Policy'
Properties:
PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: '*'
Resource: '*'
Roles:
- !Ref RootRole
有关更多信息,请参见: