我目前正在尝试使用带有 .NET 应用程序的 AWS CDK 复制另一个开发人员的 powershell 脚本功能。他正在使用 VaporShell 生成 CloudFormation 模板 (YAML)。我将 CloudFormation 模板放在下面(我为这篇文章使用了很多通用名称)。我放了一个箭头指向让我头疼的键值对。
Resources:
rSNSTopic:
Type: AWS::SNS::Topic
Properties:
DisplayName: 'SNS topic'
TopicName: 'SNS Topic'
rSNSPolicy:
Type: AWS::SNS::TopicPolicy
Properties:
Topics:
- !Ref 'rSNSTopic'
PolicyDocument:
Statement:
- Condition:
StringEquals:
AWS:SourceOwner: 'CurrentAcct' <=== This is the key/value pair.
Action:
- SNS:Publish
- SNS:RemovePermission
- SNS:SetTopicAttributes
- SNS:DeleteTopic
- SNS:ListSubscriptionsByTopic
- SNS:GetTopicAttributes
- SNS:Receive
- SNS:AddPermission
- SNS:Subscribe
Resource: !Ref 'rSNSTopic'
Effect: Allow
Sid: Default
Principal:
AWS: '*'
Version: '2012-10-17'
我已经能够使用 C# 应用程序和 AWS CDK 生成另一个 CloudFormation 模板。除了生成我在上面突出显示的键值对之外,它几乎完美地工作。我曾尝试使用一个数组,生成一个新的策略语句对象,并在 .NET 中使用键/值对对象。我将在下面给出这三种尝试中每一种尝试的示例以及相应的输出。有谁知道以上述相同方式生成键/值对的方法吗?当然,将 CDK 与 C# 结合使用。
尝试 1:使用字符串数组。
C# 代码(下方):
var topic = new Topic(this, "rSNSTopic", new TopicProps
{
DisplayName = "SNS topic",
TopicName = "SNS topic"
});
var topicPolicyStatement1 = new PolicyStatement(0)
.Describe("Default")
.AddAwsPrincipal("*")
.AddActions("- SNS:Publish\n" +
"- SNS:RemovePermission\n" +
"- SNS:SetTopicAttributes\n" +
"- SNS:DeleteTopic\n" +
"- SNS:ListSubscriptionsByTopic\n" +
"- SNS:GetTopicAttributes\n" +
"- SNS:Receive\n" +
"- SNS:AddPermission\n" +
"- SNS:Subscribe\n")
.AddCondition("StringEquals",
new [] {"AWS:SourceOwner", "pTestAccnt"}) <=== Using an array as the second .AddCondition parameter.
.AddCondition("aws:SourceArn", topic.TopicArn)
.AddResource(topic.TopicArn);
topic.AddToResourcePolicy(topicPolicyStatement1);
topic.AddToResourcePolicy(topicPolicyStatement2);
CloudFormation 模板的生成键/值对部分(如下):
Condition:
StringEquals:
- AWS:SourceOwner
- TestAccnt
尝试 2:使用新的策略声明对象。
C# 代码(下方):
var topic = new Topic(this, "rSNSTopic", new TopicProps
{
DisplayName = "SNS topic",
TopicName = "SNS topic"
});
var topicPolicyStatement1 = new PolicyStatement(0)
.Describe("Default")
.AddAwsPrincipal("*")
.AddActions("- SNS:Publish\n" +
"- SNS:RemovePermission\n" +
"- SNS:SetTopicAttributes\n" +
"- SNS:DeleteTopic\n" +
"- SNS:ListSubscriptionsByTopic\n" +
"- SNS:GetTopicAttributes\n" +
"- SNS:Receive\n" +
"- SNS:AddPermission\n" +
"- SNS:Subscribe\n")
.AddCondition("StringEquals",
new PolicyStatement(0).AddCondition("AWS:SourceOwner", "pTestAccnt")) <=== Using a policy statement as the second .AddCondition parameter.
.AddCondition("aws:SourceArn", topic.TopicArn)
.AddResource(topic.TopicArn);
topic.AddToResourcePolicy(topicPolicyStatement1);
topic.AddToResourcePolicy(topicPolicyStatement2);
CloudFormation 模板的生成键/值对部分(如下):
Condition:
StringEquals:
Condition: <=== This solution creates a second condition key which throws an error in AWS CloudFormation.
AWS:SourceOwner: TestAccnt <=== This key value pair looks correct.
尝试 3:使用来自 .NETnew 策略语句对象的键/值对象。
C# 代码(下方):
var topic = new Topic(this, "rSNSTopic", new TopicProps
{
DisplayName = "SNS topic",
TopicName = "SNS topic"
});
var topicPolicyStatement1 = new PolicyStatement(0)
.Describe("Default")
.AddAwsPrincipal("*")
.AddActions("- SNS:Publish\n" +
"- SNS:RemovePermission\n" +
"- SNS:SetTopicAttributes\n" +
"- SNS:DeleteTopic\n" +
"- SNS:ListSubscriptionsByTopic\n" +
"- SNS:GetTopicAttributes\n" +
"- SNS:Receive\n" +
"- SNS:AddPermission\n" +
"- SNS:Subscribe\n")
.AddCondition("StringEquals",
new KeyValuePair<string, string>("AWS:SourceOwner", "pTestAccnt")) <=== Using a policy statement as the second .AddCondition parameter.
.AddCondition("aws:SourceArn", topic.TopicArn)
.AddResource(topic.TopicArn);
topic.AddToResourcePolicy(topicPolicyStatement1);
topic.AddToResourcePolicy(topicPolicyStatement2);
这种方法会引发错误。我怀疑它与 JSII 运行时编译/解释我在 C# 应用程序中使用的键/值对对象有关。
命令行的完整输出(如下):
Unhandled Exception: System.ArgumentException: Could not infer JSII type for .NET type 'KeyValuePair`2'
Parameter name: type
at Amazon.JSII.Runtime.Services.Converters.FrameworkToJsiiConverter.InferType(IReferenceMap referenceMap, Type type)
at Amazon.JSII.Runtime.Services.Converters.ValueConverter.ConvertAny(IReferenceMap referenceMap, Object value)
at Amazon.JSII.Runtime.Services.Converters.ValueConverter.TryConvertPrimitive(IReferenceMap referenceMap, Object value, Boolean isOptional, PrimitiveType primitiveType, Object& result)
at Amazon.JSII.Runtime.Services.Converters.ValueConverter.TryConvert(TypeReference typeReference, IReferenceMap referenceMap, Object value, Object& result)
at Amazon.JSII.Runtime.Deputy.DeputyBase.<>c__DisplayClass20_0.<ConvertArguments>b__0(Parameter parameter, Object frameworkArgument)
at System.Linq.Enumerable.ZipIterator[TFirst,TSecond,TResult](IEnumerable`1 first, IEnumerable`1 second, Func`3 resultSelector)+MoveNext()
at System.Collections.Generic.LargeArrayBuilder`1.AddRange(IEnumerable`1 items)
at System.Collections.Generic.EnumerableHelpers.ToArray[T](IEnumerable`1 source)
at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
at Amazon.JSII.Runtime.Deputy.DeputyBase.<InvokeMethodCore>g__GetResult|18_0[T](<>c__DisplayClass18_0`1& )
at Amazon.JSII.Runtime.Deputy.DeputyBase.InvokeMethodCore[T](JsiiMethodAttribute methodAttribute, Object[] arguments, Func`3 beginFunc, Func`3 invokeFunc)
at Amazon.JSII.Runtime.Deputy.DeputyBase.InvokeInstanceMethod[T](Object[] arguments, String methodName)
at HelloCdk.TestStack..ctor(App parent, String name, IStackProps props) in C:\Users\SomeUser\Documents\git\SomeGITRepo\SingleStackGenerator\src\HelloCdk\TestStack.cs:line 57
at HelloCdk.Program.Main(String[] args) in C:\Users\SomeUser\Documents\git\SomeGITRepo\SingleStackGenerator\src\HelloCdk\Program.cs:line 18
(node:39548) UnhandledPromiseRejectionWarning: Error: EPIPE: broken pipe, write
at Object.writeSync (fs.js:569:3)
at t.SyncStdio.writeBuffer (C:\Users\SomeUser\AppData\Local\Temp\gnh3dhha.5kf\jsii-runtime.js:1:165352)
at t.SyncStdio.writeLine (C:\Users\SomeUser\AppData\Local\Temp\gnh3dhha.5kf\jsii-runtime.js:1:164892)
at t.InputOutput.write (C:\Users\SomeUser\AppData\Local\Temp\gnh3dhha.5kf\jsii-runtime.js:1:164341)
at t.KernelHost.writeError (C:\Users\SomeUser\AppData\Local\Temp\gnh3dhha.5kf\jsii-runtime.js:1:79440)
at i.then.catch.e (C:\Users\SomeUser\AppData\Local\Temp\gnh3dhha.5kf\jsii-runtime.js:1:79101)
(node:39548) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:39548) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Subprocess exited with error 3762504530
最佳答案
我想出了一个解决办法。 C# 中的“字典”对象是完美的,JSII 运行时也可以编译它。
关于c# - 如何在 AWS CDK PolicyStatement AddAction 方法中嵌套键值对?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55189759/