Question

当前尝试将Fn :: if与多个Fn :: Subs一起使用，但是当前仅转换第一个。我尝试使用多种方法来创建此方法，但这是我能够生成的唯一方法而不会引起语法错误。

Resource:
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - Fn::If:
   - USRegion
   - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
   - !Ref AWS::NoValue

尝试使用

Resource:
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
 - Fn::If:
   - USRegion
   - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
   - !Ref AWS::NoValue

我在另一个SO问题中看到了，但仍然没有骰子。

如何更改此值以转换每个值，而不是仅转换第一个值？

编辑：在上下文中，我添加了多个if语句之外的arn。

我找到了两个当前最好的解决方案

 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
 - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
 - Fn::If:
   - USRegion
   - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame1
   - !Ref AWS::NoValue
 - Fn::If:
   - USRegion
   - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame2
   - !Ref AWS::NoValue

或


  Fn::If:
   - USRegion
   - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame1
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame2
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
   - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5

Answer 1

我认为应该这样做（注意缩进）：

interesting(S,C).

如果Resource: Fn::If: - USRegion - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame - !Ref AWS::NoValue为true，则返回一个列表。在最初的尝试中，您想创建一个列表列表。

但是，假设这是一些IAM策略，则需要重新考虑使用USRegion。在IAM政策声明中，AWS::NoValue是required，因此在Resource为假的情况下，如果没有资源就无法制定IAM政策。

Answer 2

您似乎正在生成IAM策略。您的第二次尝试是将这样的结果与列表内的列表一起产生。

Resource:
 - - arn1
   - arn2
   - arn3
   - arn4

您的模板应如下所示：

 Resource:
   "Fn::If":
     - USRegion
     - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
       !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
       !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
       !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
     - []

或者如果您不能将“资源”设置为一个空数组，则将if语句上移，以便生成整个策略语句。

在Fn :: if中使用多个Fn :: Sub

2 个答案: