我有以下 cloudformation 代码,如果帐户是 XXXXX,我不想设置 VPC 配置
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC function.
Mappings:
"129921924252":
"ap-southeast-1":
Subnets:
- "vpc-PrivateSubnetId1"
- "vpc-PrivateSubnetId2"
Conditions:
CheckAccount: {"Fn::Equals": [ !Ref AWS::AccountId, "123456780976"]}
Resources:
Function:
Type: AWS::Lambda::Function
Properties:
Handler: index.handler
Role: arn:aws:iam::129921924252:role/service-role/ASG-Lambda-role-n27an6nj
Code:
ZipFile:
Fn::Sub: |
import json
import boto3
import os
from botocore.exceptions import ClientError
Runtime: nodejs12.x
Timeout: 5
TracingConfig:
Mode: Active
VpcConfig:
- Fn::If:
- CheckAccount
SecurityGroupIds:
- sg-0305baf25b2dd4891
SubnetIds:
-
Fn::ImportValue:
Fn::Select: [0, Fn::FindInMap : [!Ref AWS::AccountId, !Ref AWS::Region, Subnets]]
-
Fn::ImportValue:
Fn::Select: [1, Fn::FindInMap : [!Ref AWS::AccountId, !Ref AWS::Region, Subnets]]
- !Ref AWS::NoValue
尝试上面的代码时出现错误:
Properties validation failed for resource Function with message: #/VpcConfig: expected type: JSONObject, found: JSONArray
最佳答案
您的 Fn::If 语句的语法似乎不正确。看一下 documentation 中的以下示例:
UpdatePolicy:
AutoScalingRollingUpdate:
!If
- RollingUpdates
-
MaxBatchSize: 2
MinInstancesInService: 2
PauseTime: PT0M30S
- !Ref "AWS::NoValue"
所以在你的情况下是:
VpcConfig:
- Fn::If:
- CheckAccount
- SecurityGroupIds:
- sg-0305baf25b2dd4891
SubnetIds:
- Fn::ImportValue:
Fn::Select: [0, Fn::FindInMap : [!Ref AWS::AccountId, !Ref AWS::Region, Subnets]]
- Fn::ImportValue:
Fn::Select: [1, Fn::FindInMap : [!Ref AWS::AccountId, !Ref AWS::Region, Subnets]]
- !Ref AWS::NoValue
关于aws-cloudformation - 取消VPC配置,如果账号是XXXXXX,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68641207/