我有两个堆栈,分别名为“createIAMRole”、“createElasticSearch” 和“createdLambda”。我想要的是,我想在 “createElasticSearch” 和 “createdLambda” 中使用名为 “createIAMRole” 的第一个堆栈中的 IAM 角色 ARN。
创建IAM角色
AWSTemplateFormatVersion: '2010-09-09'
Description: >
blah.
Resources:
myIAMRole:
Type: AWS::IAM::Role
Properties:
..
..
Policies:
- PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- dynamodb:*
Resource: "*"
PolicyName: "myIAMRolePolicy"
Outputs:
myIAMRole:
Description: myIAMRole to use Stacks
Value: !Ref myIAMRole
“创建ElasticSearch”
Resources:
ElasticsearchDomain:
Type: AWS::Elasticsearch::Domain
Properties:
..
..
AccessPolicies:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
AWS:
- >>> THERE IS I WANT TO ADD <<<
Action: "es:*"
Resource: "*"
AdvancedOptions:
rest.action.multi.allow_explicit_index: "true"
请告诉我该怎么做,谢谢。
最佳答案
For the createIAMRole you need to export the output:
Outputs: myIAMRole:
Description: myIAMRole to use Stacks
Value: !Ref myIAMRole
Export:
Name: myIAMRole
And for the createElasticSearch you need to "ImportValue":
Fn::ImportValue:
!Sub "${myIAMStackName}-myIAMRole"
More Information: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html
关于amazon-web-services - 如何输出 IAM 角色并在另一个堆栈中使用它?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/59748761/