如何在 cloudformation 属性中使用条件?
How do I use conditions in cloudformation properties?
我正在尝试创建一个创建角色的 cloudformation 模板,我想在该角色中包含托管策略,但前提是条件为真,但 cloudformation 不允许这样做:
"MyRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"ManagedPolicyArns": [
"Condition": "MyCondition":
{
"Ref": "EMRFullAccessManagedPolicy"
}
],
"RoleName": {
myRole
}
}
}
有没有办法以这种方式在属性中使用条件?
您可以使用 Fn::If:
"ManagedPolicyArns":
{"Fn::If" : [
"MyCondition",
["Ref": "EMRFullAccessManagedPolicy"],
[]
]}
或
"ManagedPolicyArns":
{ "Fn::If":
["AddSageMakerAccess",
["arn:aws:iam::aws:policy/AmazonSageMakerFullAccess" ],
{ "Fn::If":
["AddEMRFullAccessPolicy",
["arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2" ],
[]
]
}
]
},
如果 AddSageMakerAccess 和 AddEMRFullAccessPolicy 相互排斥,上述方法将起作用。
我正在尝试创建一个创建角色的 cloudformation 模板,我想在该角色中包含托管策略,但前提是条件为真,但 cloudformation 不允许这样做:
"MyRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"ManagedPolicyArns": [
"Condition": "MyCondition":
{
"Ref": "EMRFullAccessManagedPolicy"
}
],
"RoleName": {
myRole
}
}
}
有没有办法以这种方式在属性中使用条件?
您可以使用 Fn::If:
"ManagedPolicyArns":
{"Fn::If" : [
"MyCondition",
["Ref": "EMRFullAccessManagedPolicy"],
[]
]}
或
"ManagedPolicyArns":
{ "Fn::If":
["AddSageMakerAccess",
["arn:aws:iam::aws:policy/AmazonSageMakerFullAccess" ],
{ "Fn::If":
["AddEMRFullAccessPolicy",
["arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2" ],
[]
]
}
]
},
如果 AddSageMakerAccess 和 AddEMRFullAccessPolicy 相互排斥,上述方法将起作用。