代码之家 › 专栏 › 技术社区 › claudiadast

如何将主堆栈模板的重复组件用于子堆栈模板中的多个参数?

amazon-cloudformation stack nested amazon-web-services

claudiadast · 技术社区 · 7 年前

我创建了一个嵌套堆栈,本质上希望将相同的基本堆栈资源格式应用于多个案例,但是,我不知道如何将其转换为cloudformation模板脚本。

例如,在以下(非嵌套)堆栈模板中,我有几个Lambda函数参数,它们对Lambda函数资源和Lambda函数执行角色资源都使用相同的基本格式:

---
AWSTemplateFormatVersion: "2010-09-09"
Description: "Master template for wgs-pipeline. Calls to other stack templates."
Parameters:
  CloudspanLambdaFuncS3BucketName:
    Type: String
  CloudspanLambdaFuncS3KeyName:
    Default: 'sfn.deployable.zip'
    Type: String
  CloudspanLambdaFuncModuleName:
    Default: 'cloudspan'
    Type: String
  AlignmentLambdaFuncS3BucketName:
    Type: String
  AlignmentLambdaFuncS3KeyName:
    Type: String
  AlignmentLambdaFuncModuleName:
    Type: String
Resources:
  CloudspanLambdaExecutionRole:
  Type: "AWS::IAM::Role"
  Properties:
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: "sts:AssumeRole"
    Policies:
      - PolicyName: CanListBuckets
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - "s3:GetBucketLocation"
                - "s3:ListAllMyBuckets"
              Resource: "arn:aws:s3:::*"
      - PolicyName: CanLog
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:*
            Resource: arn:aws:logs:*:*:*

CloudspanLambdaFunction:
  Type: "AWS::Lambda::Function"
  Properties:
    Handler:
      Fn::Join: [ ".", [ Ref: CloudspanLambdaFuncModuleName, "handler"] ]
    Role:
      Fn::GetAtt: [ CloudspanLambdaExecutionRole, Arn ]
    Code:
      S3Bucket:
        Ref: CloudspanLambdaFuncS3BucketName
      S3Key:
        Ref: CloudspanLambdaFuncS3KeyName
    Runtime: "python3.6"
    Timeout: "60"

AlignmentLambdaExecutionRole:
  Type: "AWS::IAM::Role"
  Properties:
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: "sts:AssumeRole"
    Policies:
      - PolicyName: CanListBuckets
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - "s3:GetBucketLocation"
                - "s3:ListAllMyBuckets"
              Resource: "arn:aws:s3:::*"
      - PolicyName: CanCallBatch
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - "batch:*"
              Resource: "*"
      - PolicyName: CanLog
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          - Effect: Allow
            Action:
            - logs:*
            Resource: arn:aws:logs:*:*:*

AlignmentLambdaFunction:
  Type: "AWS::Lambda::Function"
  Properties:
    Handler:
      Fn::Join: [ ".", [ Ref: AlignmentLambdaFuncModuleName, "handler"] ]
    Role:
      Fn::GetAtt: [ AlignmentLambdaExecutionRole, Arn ]
    Code:
      S3Bucket:
        Ref: AlignmentLambdaFuncS3BucketName
      S3Key:
        Ref: AlignmentLambdaFuncS3KeyName
    Runtime: "python3.6"
    Timeout: "60"

您可以看到存在一些差异,例如lambda函数资源之间的策略名称以及它们引用的参数。

我的问题是,如果我分离上述主模板,使Lambda函数资源位于子模板中,那么如何在所有这些参数(CloudspanLambda、AlignmentLambda等)上应用相同的基本资源格式?

下面是我如何设置 子模板 目前为止

---
AWSTemplateFormatVersion: '2010-09-09'
Description: lambda function and execution role stack.
Parameters:
  {x}LambdaFuncS3BucketName:
    Type: String
  {x}LambdaFuncS3KeyName:
    Type: String
  {x}LambdaFuncModuleName:
    Type: String
Resources:
  LambdaFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Handler:
        Fn::Join: [ ".", [ Ref: {x}LambdaFuncModuleName, "handler"] ]
      Role:
        Fn::GetAtt: [ {x}LambdaExecutionRole, Arn ]
      Code:
        S3Bucket:
          Ref: {x}LambdaFuncS3BucketName
        S3Key:
          Ref: {x}LambdaFuncS3KeyName
      Runtime: "python3.6"
  LambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: CanListBuckets
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "s3:GetBucketLocation"
                  - "s3:ListAllMyBuckets"
                Resource: "arn:aws:s3:::*"
        - PolicyName: CanLog
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - logs:*
              Resource: arn:aws:logs:*:*:*

我把 {x} 现在,它代表了所有这些参数的iterable。根据引用的Lambda函数的不同,我还需要改变策略名称的使用。这样做的正确方法是什么?

1 回复 | 直到 7 年前

Sudharsan Sivasankaran 7 年前

下面是一个示例模板,让您有一个想法。

主人yaml:

Resources:
  Cloudspan:
    Type: "AWS::CloudFormation::Stack"
    Properties:
      Parameters:
        LambdaName: Cloudspan
        BucketName: <BucketName>
        S3KeyName: <S3KeyName>
        FunctionName: <FunctionName>
      TemplateURL: <TemplateURL>
  Alignment:
    Type: "AWS::CloudFormation::Stack"
    Properties:
      Parameters:
        LambdaName: Alignment
        BucketName: <BucketName>
        S3KeyName: <S3KeyName>
        FunctionName: <FunctionName>
      TemplateURL: <TemplateURL>

Lambda儿童。yaml:

Parameters:
  LambdaName:
    Type: String
  BucketName:
    Type: String
  S3KeyName:
    Type: String
  FunctionName:
    Type: String

Resources:
  LambdaFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Handler: !Sub '${LambdaName}-{FunctionName}.Handler'
      Role:
        Fn::GetAtt: [!Sub '${LambdaName}LambdaExecutionRole', Arn ]
      Code:
        S3Bucket: !Sub '${LambdaName}{BucketName}'
        S3Key: !Sub '${LambdaName}{S3KeyName}'
      Runtime: "python3.6"