I'm trying to create a CloudFormation template that enables CloudTrail and gives the user the option either to create a new S3 bucket and use it, or to use an S3 bucket that already exists. I'm new to AWS, so I'm a bit lost. So far this is some code I've taken and modified, without adding the conditions and so on yet.

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "CloudTrail",
    "Parameters" : {
        "UseExisitingBucket" : {
            "Description" : "Yes/No",
            "Default" : "yes",
            "Type" : "String",
            "AllowedValues" : [ "yes", "no" ]
        },
        "BucketName" : {
            "Description" : "Name of the S3 bucket.",
            "Type" : "String"
        },
        "TopicName" : {
            "Description" : "Name of the SNS topic.",
            "Type" : "String",
            "Default" : ""
        },
        "IncludeGlobalServiceEvents" : {
            "Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.",
            "Type" : "String",
            "Default" : "false",
            "AllowedValues" : [ "true", "false" ]
        }
    },
    "Conditions" : {
        "UseSNSTopic" : {
            "Fn::Not" : [
                { "Fn::Equals" : [ { "Ref" : "TopicName" }, "" ] }
            ]
        }
    },
    "Resources" : {
        "Trail" : {
            "Type" : "AWS::CloudTrail::Trail",
            "Properties" : {
                "IncludeGlobalServiceEvents" : { "Ref" : "IncludeGlobalServiceEvents" },
                "S3BucketName" : { "Ref" : "BucketName" },
                "SnsTopicName" : {
                    "Fn::If" : [
                        "UseSNSTopic",
                        { "Ref" : "TopicName" },
                        { "Ref" : "AWS::NoValue" }
                    ]
                },
                "IsLogging" : true
            }
        }
    }
}

Best answer

I'd say you're very close. Remove the UseExisitingBucket parameter, then add a Default to BucketName so it looks like this:

"ExistingBucketName" : {
    "Description" : "Name of the S3 bucket.",
    "Type" : "String",
    "Default" : "None"
},


Add a couple of conditions to check whether a bucket was provided or whether a new one needs to be created:

"Conditions" : {
    "CreateNewBucket" : {
        "Fn::Equals" : [ { "Ref" : "ExistingBucketName" }, "None" ]
    },
    "UseExistingBucket" : {
        "Fn::Not" : [
            { "Fn::Equals" : [ { "Ref" : "ExistingBucketName" }, "None" ] }
        ]
    }
}


Then create the S3 bucket resource using the condition above, like this:

"S3Bucket" : {
    "Condition" : "CreateNewBucket",
    ...
    ...
}


Add two CloudTrail resources: one with the "CreateNewBucket" condition that passes the "S3Bucket" resource, and another with the "UseExistingBucket" condition that passes "ExistingBucketName".

07-24 09:39