在Fn::if中使用多个Fn::Sub
在Fn::if中使用多个Fn::Sub
提问于 2020-09-17 20:38:52
当前正在尝试将Fn::if与多个Fn::Subs一起使用,但当前只转换了第一个。我尝试使用多种方法来创建它,但是这是我能够生成的唯一不会导致语法错误的方法。
Resource:
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- Fn::If:
- USRegion
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
!Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
!Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
!Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Ref AWS::NoValue已尝试使用
Resource:
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- Fn::If:
- USRegion
- - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Ref AWS::NoValue我在另一个SO问题中看到了这一点,但仍然没有骰子。
我该如何将其更改为转换每个值,而不是只转换第一个值?
编辑:对于这里的上下文,我已经添加了多个arn,它们不是if语句的一部分。
我找到了两个目前最好的解决方案
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
- Fn::If:
- USRegion
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame1
- !Ref AWS::NoValue
- Fn::If:
- USRegion
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame2
- !Ref AWS::NoValue或
Fn::If:
- USRegion
- - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame1
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame2
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
- - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5回答 2
Stack Overflow用户
回答已采纳
发布于 2020-09-17 20:52:29
我认为它应该是(注意缩进):
Resource:
Fn::If:
- USRegion
- - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- !Ref AWS::NoValue在这里,如果USRegion为真,则返回一个列表。在最初的尝试中,您希望创建一个列表列表。
但是您需要重新考虑使用AWS::NoValue,假设这是某种IAM策略。在IAM策略语句中,Resource是required,因此在USRegion为false的情况下,您不能在没有资源的情况下制定IAM策略。
Stack Overflow用户
发布于 2020-09-17 21:47:55
看起来您正在生成IAM策略。您的第二个尝试是产生类似这样的结果,在列表中包含一个列表。
Resource:
- - arn1
- arn2
- arn3
- arn4您的模板应如下所示:
Resource:
"Fn::If":
- USRegion
- !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
!Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
!Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
!Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
- []或者,如果不能将Resource设置为空数组,请将if语句移动到更高的位置,以便生成整个策略语句。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/63938212
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号