CloudFormation,在DependsOn上应用条件 [英] CloudFormation, apply Condition on DependsOn
问题描述
我需要做的任务是使CDN依赖于S3存储桶。但是我们想使用现有的存储桶而不是创建一个新的存储桶。
The task that I need to do is make CDN depend on a S3 bucket. But we want to make it use the existing bucket rather than creating a new one.
这是我正在尝试的示例代码:
Here is the sample code that I am trying:
"Parameters" : {
"UseExistingBucket" : {
"Description" : "Yes/No",
"Default" : "yes",
"Type" : "String",
"AllowedValues" : [ "yes", "no" ]
}
},
"Conditions" : {
"CreateS3Resources" : {"Fn::Equals" : [{"Ref" : "UseExistingBucket"}, "no"]}
},
"Resources" : {
"StaticBucket" : {
"Type" : "AWS::S3::Bucket",
"Condition" : "CreateS3Resources",
"Properties" : {
"BucketName" : { "Fn::Join": [ "-", [ "app", { "Ref": "EnvType" }, "static" ] ] }
},
"DeletionPolicy": "Retain"
},
"MyStaticDistribution": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"Origins": [
{
"DomainName": {
"Fn::If" : [
"CreateS3Resources",
{ "Fn::Join": [ "-", [ "app", { "Ref": "EnvType" }, "static" ] ] },
{"Fn::GetAtt": [ "StaticBucket", "DomainName" ] }
]
},
"Id": "S3Origin",
}
]
}
},
"DependsOn": [{
"Fn::If" : [
"CreateS3Resources",
{ "Fn::Join": [ "-", [ "app", { "Ref": "EnvType" }, "static" ] ] },
""
]
}]
}
}
如果需要,请向我建议更多详细信息(至少stackoverflow确实需要更多详细信息,但我没有指定任何详细信息:-P)
Please suggest to me any more details, if they are required (atleast stackoverflow does wants more details, but I have not specified any :-P)
推荐答案
您可以使用包裹在条件 Fn:If 中的 Fn:GetAtt 来实现。 使用Fn:GetAtt表示依赖项,因此CloudFormation到达该函数后将自动等待,就像使用DependsOn一样。
You can do this by using Fn:GetAtt wrapped in a conditional Fn:If. Using Fn:GetAtt implies a dependency, so CloudFormation will automatically wait once it reaches that function, the same as if you were using a DependsOn.
示例
下面的代码段通过有条件地检索尚未创建但仅在条件UseNestedStack设置为true的情况下才创建的嵌套堆栈。如果UseNestedStack为false,它将不再等待,而是检索本地变量名称。
The code snippet below shows this by conditionally retrieving the name of a nested stack that has not yet been created but only does so if the condition UseNestedStack is set to true. If UseNestedStack is false it will not wait and instead retrieve a local variable name.
{
"Fn::If": ["UseNestedStack", {
"Fn::GetAtt": ["NestedStack", "Outputs.Name"]
}, {
"Ref": "LocalName"
}]
我怎么知道这个? (另一个示例)
不幸的是,没有正式的文档正式说明这一点,但是AWS告诉我这样做,在他们的代码示例中,可以看到,当订单问题时,他们使用Fn:GetAtt。我已经尝试了无数次,并且每次都有效。自己尝试在一个简单的堆栈上。这是我调整并使用过的AWS lambda示例的一些伪证据。如果在资源AMI信息之后创建AMI函数,则下面的堆栈可能无法工作,AMI Info需要AMI函数的输出,因此AWS已使用Fn:GetAtt将它们链接在一起。要查看此滚动到底部并查看资源AMIInfo,您将看到它通过fn:Gett引用了AMIFunction。 CloudFormation看到了这一点,然后回到AMIFunction首先创建它。
Unfortunately there is no official documentation officially stating this but it was AWS that told me to do it this way and in their code examples you can see that when order matters they use Fn:GetAtt. I've tried this numerous times and it works every time. Try it yourself on a simple stack. Here is some more pseudo proof from an AWS lambda example that I tweaked and have used myself. The stack below could not possibly work if the AMI function is created after the resource AMI info, AMI Info needs output of the AMI function, so AWS has chained them together using Fn: GetAtt. To see this scroll to the bottom and look at the resource AMIInfo and you will see it references AMIFunction via fn: Gett. CloudFormation sees this and goes back to AMIFunction to create it first.
"AMIInfoFunction": {
"DependsOn":"SourceStack",
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"S3Bucket": { "Ref": "DeploymentBucket" },
"S3Key": {"Fn::Join": [
"",
[
{
"Ref": "ApplicationName"
},
"/amilookup.zip"
]
]}
},
"Handler": "amilookup.handler",
"Runtime": "nodejs",
"Timeout": "30",
"Role": { "Fn::GetAtt" : ["LambdaExecutionRole", "Arn"] },
"VpcConfig": {
"SecurityGroupIds": [ {"Ref": "InstanceSecurityGroup"}],
"SubnetIds": [ {"Ref":"PrivateSubnetA"},{"Ref":"PrivateSubnetB"} ]
}
}
},
"AMIInfo": {
"Type": "Custom::AMIInfo",
"Properties": {
"ServiceToken": { "Fn::GetAtt" : ["AMIInfoFunction", "Arn"] },
"StackName": { "Ref":"SourceStack" }
}
}
这篇关于CloudFormation,在DependsOn上应用条件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
