英文:
CloudFormation: How to add multiple ARN for condition in a policy
问题
我有一个现有的事件规则,我正在尝试将新的事件规则添加到现有的事件总线中。
有一个允许条件的 sqs 策略,允许现有规则的 ARN,我正在努力添加新规则的 ARN。
以下是 CloudFormation 代码:
注意:我已经尝试添加 "[]",但没有成功,而且新事件规则不存在意味着必须作为新规则添加。
EventBus Code....
//
ExistingEventRule:
Type: AWS::Events::Rule
...
NewEventRule:
Type: AWS::Events::Rule
....
DlqSqsQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Statement:
- Action: sqs:SendMessage
Condition:
ArnEquals:
aws:SourceArn:
Fn::GetAtt:
- [
ExistingEventRule,
NewEventRule,
]
- Arn
Effect: Allow
错误:在调用 CreateChangeSet 操作时发生错误 (ValidationError):模板错误:每个 Fn::GetAtt 对象都需要两个非空参数,资源名称和资源属性。
原始语法:
Condition:
ArnEquals:
aws:SourceArn:
Fn::GetAtt:
- NewEventRule
- Arn
英文:
I have an existing event rule and I am trying to add a new event rule to the existing bus,
There is a sqs policy which has allows the condition to allow ARN of existing rule, I am struggling to add arn of new rule
Here is the Cfn code
Note: I have tried to add "[]" but it didn't work, also new eventrule does not exist means it has to be added as new rule.
EventBus Code....
//
ExistingEventRule:
Type: AWS::Events::Rule
...
NewEventRule:
Type: AWS::Events::Rule
....
DlqSqsQueuePolicy:
Type: AWS::SQS::QueuePolicy
Properties:
PolicyDocument:
Statement:
- Action: sqs:SendMessage
Condition:
ArnEquals:
aws:SourceArn:
Fn::GetAtt:
- [
ExistingEventRule,
NewEventRule,
]
- Arn
Effect: Allow
Error: An error occurred (ValidationError) when calling the CreateChangeSet operation: Template error: every Fn::GetAtt object requires two non-empty parameters, the resource name and the resource attributes
Original syntax
Condition:
ArnEquals:
aws:SourceArn:
Fn::GetAtt:
- NewEventRule
- Arn
答案1
得分: 1
条件:
ArnEquals:
aws:SourceArn:
- !GetAtt ExistingEventRule.Arn
- !GetAtt NewEventRule.Arn
英文:
You have to do it separately:
Condition:
ArnEquals:
aws:SourceArn:
- !GetAtt ExistingEventRule.Arn
- !GetAtt NewEventRule.Arn
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论