Template contains errors.: [/Resources/CloudTrail/Type/EventSelectors] 'null' values are not allowed in templates in AWS CloudFormation CloudTrail
I'm getting the error "Template contains errors.: [/Resources/CloudTrail/Type/EventSelectors] 'null' values are not allowed in templates" when trying to validate my CloudFormation template.
"Conditions":
  "S3Enabled":
    "Fn::Equals":
      - "Ref": "IsS3Enabled"   # compare the parameter's value, not the literal string "IsS3Enabled"
      - "true"
"Parameters":
  "IsS3Enabled":
    "AllowedValues":
      - "true"
      - "false"
    "Default": "true"
    "Description": "whether you want cloudtrail enabled for S3"
    "Type": "String"
  "LambdaArns":
    "Default": "arn:aws:lambda"
    "Description": "The lambda arns of cloudtrail event selectors"
    "Type": "CommaDelimitedList"
  "S3Arns":
    "Default": "'arn:aws:s3:::'"
    "Description": "The S3 arns of cloudtrail event selectors"
    "Type": "CommaDelimitedList"
"Resources":
  "CloudTrail":
    "DependsOn":
      - "CloudTrailLogBucketPolicy"
    "Properties":
      "EnableLogFileValidation": "true"
      "EventSelectors":
      "DataResources": {"Fn::If" : ["S3Enabled", { "Type": "AWS::S3::Object", "Values": !Ref "S3Arns"}, {"Type": "AWS::Lambda::Function", "Values": !Ref "LambdaArns"}]}
      "IncludeGlobalServiceEvents": "true"
      "IsLogging": "true"
      "IsMultiRegionTrail": "true"
      "S3BucketName":
        "Ref": "CloudTrailLogBucket"
      "S3KeyPrefix": "sample"
      "TrailName": "sample"
    "Type": "AWS::CloudTrail::Trail"
Resources I'm using:
- CloudTrail CloudFormation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html
- Fn::If documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-conditions.html#intrinsic-function-reference-conditions-if
I've run into similar issues, and they all came down to indentation, but I can't find the error in my template.
- AWS Cloudformation [/Resources/PrivateGateway/Properties] 'null' values are not allowed in templates
The CloudFormation Linter catches this:
E0000: Null value at line 31 column 24
DataResources isn't indented far enough, and EventSelectors and DataResources both need to be lists.
I'd suggest first getting this template fragment working without Fn::If, like this:
"Resources":
  "CloudTrail":
    "DependsOn":
      - "CloudTrailLogBucketPolicy"
    "Properties":
      "EnableLogFileValidation": "true"
      "EventSelectors":
        - "DataResources":
            - Type: AWS::S3::Object
              Values: !Ref S3Arns
Then use Fn::If to set the first DataResource in the DataResources list. The YAML might look like this:
cloudtrail:
  Type: AWS::CloudTrail::Trail
  Properties:
    EnableLogFileValidation: Yes
    EventSelectors:
      - DataResources:
          - Type: AWS::S3::Object
            Values:
              - arn:aws:s3:::s3-event-step-bucket/
        IncludeManagementEvents: Yes
        ReadWriteType: All
    IncludeGlobalServiceEvents: Yes
    IsLogging: Yes
    IsMultiRegionTrail: Yes
    S3BucketName: s3-event-step-bucket-storage
    TrailName: xyz
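As an added example (not code from the question or the answer), here is the same fragment in CloudFormation's JSON form with the list structure the answer describes and the Fn::If placed on the first DataResources entry, together with a small resolver that evaluates Ref, Fn::Equals and Fn::If for a given parameter set, flags null values the way the template validator does, and checks that each condition branch yields a well-formed data event selector. The ARNs and bucket name are constructed placeholders, the resolver handles only the three intrinsics used here, and `BROKEN_PROPERTIES` is a hand-built model of what the question's mis-indented YAML parses to.

```python
# Constructed for this example: the question's fragment with EventSelectors and
# DataResources as lists and the Fn::If on the first DataResources entry.
# ARNs and the bucket name are placeholders, not values from the page.
TEMPLATE = {
    "Parameters": {
        "IsS3Enabled": {"Type": "String", "Default": "true", "AllowedValues": ["true", "false"]},
        "LambdaArns": {"Type": "CommaDelimitedList",
                       "Default": "arn:aws:lambda:us-east-1:111122223333:function:example-fn"},
        "S3Arns": {"Type": "CommaDelimitedList", "Default": "arn:aws:s3:::example-bucket/"},
    },
    "Conditions": {
        # Compare the parameter's value (Ref), not the literal string "IsS3Enabled".
        "S3Enabled": {"Fn::Equals": [{"Ref": "IsS3Enabled"}, "true"]},
    },
    "Resources": {
        "CloudTrail": {
            "Type": "AWS::CloudTrail::Trail",
            "Properties": {
                "S3BucketName": "example-trail-log-bucket",
                "IsLogging": True,
                "EventSelectors": [            # a list holding one selector
                    {
                        "ReadWriteType": "All",
                        "IncludeManagementEvents": True,
                        "DataResources": [     # a list; Fn::If chooses its first entry
                            {"Fn::If": ["S3Enabled",
                                        {"Type": "AWS::S3::Object", "Values": {"Ref": "S3Arns"}},
                                        {"Type": "AWS::Lambda::Function", "Values": {"Ref": "LambdaArns"}}]}
                        ],
                    }
                ],
            },
        }
    },
}

# Model of the question's mis-indented YAML: "DataResources" sits at the same level as
# "EventSelectors", so EventSelectors is left with a null value (constructed, hypothetical).
BROKEN_PROPERTIES = {"EventSelectors": None,
                     "DataResources": {"Fn::If": ["S3Enabled", {"Type": "AWS::S3::Object"},
                                                  {"Type": "AWS::Lambda::Function"}]}}

DATA_RESOURCE_TYPES = {"AWS::S3::Object", "AWS::Lambda::Function"}  # the two types this template uses


def effective_params(template, overrides=None):
    """Merge overrides with defaults; split CommaDelimitedList values as CloudFormation does."""
    params = {}
    for name, spec in template["Parameters"].items():
        raw = (overrides or {}).get(name, spec["Default"])
        if spec["Type"] == "CommaDelimitedList":
            raw = [v.strip() for v in raw.split(",")]
        params[name] = raw
    return params


def resolve(node, params, conditions):
    """Evaluate Ref (parameters only), Fn::Equals and Fn::If, recursing into lists and maps."""
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            return params[arg]
        if key == "Fn::Equals":
            left, right = (resolve(x, params, conditions) for x in arg)
            return left == right
        if key == "Fn::If":
            name, if_true, if_false = arg
            chosen = if_true if resolve(conditions[name], params, conditions) else if_false
            return resolve(chosen, params, conditions)
    if isinstance(node, dict):
        return {k: resolve(v, params, conditions) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(x, params, conditions) for x in node]
    return node


def find_nulls(node, path=""):
    """Return the paths holding null, the cause of "'null' values are not allowed in templates"."""
    if node is None:
        return [path]
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            found += find_nulls(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            found += find_nulls(value, f"{path}/{i}")
    return found


def data_resource_types(properties):
    """Enforce the list shape the answer describes and return the data resource types logged."""
    selectors = properties.get("EventSelectors")
    if not isinstance(selectors, list):
        raise TypeError("EventSelectors must be a list of selectors")
    types = []
    for selector in selectors:
        data_resources = selector.get("DataResources", [])
        if not isinstance(data_resources, list):
            raise TypeError("DataResources must be a list")
        for dr in data_resources:
            if dr.get("Type") not in DATA_RESOURCE_TYPES:
                raise ValueError(f"unexpected DataResources Type {dr.get('Type')!r}")
            if not isinstance(dr.get("Values"), list) or not dr["Values"]:
                raise ValueError("each DataResources entry needs a non-empty list of ARNs")
            types.append(dr["Type"])
    return types


def logged_types(template, **overrides):
    """Resolve the template for the given parameters, reject nulls, and report what the trail logs."""
    params = effective_params(template, overrides)
    resources = resolve(template["Resources"], params, template["Conditions"])
    nulls = find_nulls(resources, "/Resources")
    if nulls:
        raise ValueError("null values at " + ", ".join(nulls))
    return data_resource_types(resources["CloudTrail"]["Properties"])


if __name__ == "__main__":
    print("S3 branch:", logged_types(TEMPLATE), "Lambda branch:", logged_types(TEMPLATE, IsS3Enabled="false"))
    print("Question's shape:", find_nulls(BROKEN_PROPERTIES, "/Resources/CloudTrail/Properties"))
```

Checking both branches of the condition before deploying matters here because a selector that silently resolves to the wrong shape leaves the trail recording no S3 object or Lambda invoke data events, which is an audit gap rather than a visible deployment failure.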