我正在尝试创建一个将启用CloudTrail的CloudFormation脚本,并为用户提供一个选项来创建一个新的S3存储桶并使用它,或者使用当前存在的S3存储桶。我是AWS的新手,所以我有点迷茫。到目前为止,这是我已采用并修改的一些代码,而未添加条件等。
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "CloudTrail",
"Parameters" : {
"UseExisitingBucket" : {
"Description" : "Yes/No",
"Default" : "Yes",
"Type" : "String",
"AllowedValues" : [ "yes", "no"]
},
"BucketName" : {
"Description" : "Name of the S3 bucket.",
"Type" : "String"
},
"TopicName" : {
"Description" : "Name of the SNS topic.",
"Type" : "String",
"Default" : ""
},
"IncludeGlobalServiceEvents" : {
"Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.",
"Type" : "String",
"Default" : "false",
"AllowedValues" : [
"true",
"false"
]
}
},
"Conditions" : {
"UseSNSTopic" : {
"Fn::Not" : [
{
"Fn::Equals" : [
{
"Ref" : "TopicName"
},
""
]
}
]
}
},
"Resources" : {
"Trail" : {
"Type" : "AWS::CloudTrail::Trail",
"Properties" : {
"IncludeGlobalServiceEvents" : {
"Ref" : "IncludeGlobalServiceEvents"
},
"S3BucketName" : {
"Ref" : "BucketName"
},
"SnsTopicName" : {
"Fn::If" : [
"UseSNSTopic",
{
"Ref" : "TopicName"
},
{
"Ref" : "AWS::NoValue"
}
]
},
"IsLogging" : true
}
}
}
}
最佳答案
我建议您非常接近,删除UseExisitingBucket
参数。然后将Default
添加到BucketName
,这样看起来像这样:
"ExistingBucketName" : {
"Description" : "Name of the S3 bucket.",
"Type" : "String",
"Default": "None"
},
添加几个条件以检查是否提供了存储桶,或者是否需要创建新的存储桶:
"Conditions": {
"CreateNewBucket": {
"Fn::Equals": [
{
"Ref": "ExistingBucketName"
},
"None"
]
},
"UseExistingBucket": {
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "ExistingBucketName"
},
"None"
]
}
]
}
}
然后使用上述条件创建S3存储桶资源,如下所示:
"S3Bucket": {
"Condition": "CreateNewBucket",
...
...
}
添加2个cloudtrail资源,一个带有“ CreateNewBucket”条件,并传递“ S3Bucket”资源,另一个带有“ UseExistingBucket”,并传递“ ExistingBucketName”