目前我有一个条件:
Conditions:
IsBeta: !Equals [!Ref Stage, "beta"]
映射:
Mappings:
ABCMap:
beta:
Role1: "arn:aws::iam::...",
Role1-Test: "arn:aws::iam::...",
Role2: ""arn:aws::iam::...",
Role2-Test: "arn:aws::iam::..."
prod:
Role1: "arn:aws::iam::...",
Role2: "arn:aws::iam::..."
以及资源策略的一部分:
ResourcePolicy:
CustomStatements:
- Action: ['execute-api:Invoke']
Effect: Allow
Principal:
AWS:
- !FindInMap [ IAMRoleMap, !Ref Stage, Role1 ]
- !FindInMap [ IAMRoleMap, !Ref Stage, Role2 ]
- Fn::If:
- IsBeta
- - !FindInMap [ ABCMap, !Ref Stage, Role1-Test ]
- {Ref: 'AWS::NoValue'}
- Fn::If:
- IsBeta
- - !FindInMap [ ABCMap, !Ref Stage, Role2-Test ]
- {Ref: 'AWS::NoValue'}
Resource: "arn::aws..."
如何将它们组合成一个“如果”?或者有没有更好的方式来表达,如果阶段是beta,我只需要在资源策略中拥有Role1-Test和Role2-Test?
最佳答案
您应该将所有原则放在一个大的 Fn::If 中:
ResourcePolicy:
CustomStatements:
- Action: ['execute-api:Invoke']
Effect: Allow
Principal:
AWS:
Fn::If:
- IsBeta
- - !FindInMap [ IAMRoleMap, !Ref Stage, Role1 ]
- !FindInMap [ IAMRoleMap, !Ref Stage, Role2 ]
- !FindInMap [ ABCMap, !Ref Stage, Role1-Test ]
- !FindInMap [ ABCMap, !Ref Stage, Role2-Test ]
- - !FindInMap [ IAMRoleMap, !Ref Stage, Role1 ]
- !FindInMap [ IAMRoleMap, !Ref Stage, Role2 ]
Resource: "arn::aws..."
关于amazon-web-services - 我们如何在AWS Cloudformation中编写If(条件)do(X和Y)else(do A和B),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66700714/