How do I modify an AWS S3 bucket if it already exists?

Question  Votes: 0  Answers: 1

I created a YAML file that creates an S3 bucket in us-east-1 and attaches a replication rule to it that targets an existing bucket in us-west-2. My problem is that if the bucket in us-east-1 already exists, I want to use the same template YAML file, still with the us-west-2 bucket as the replication target. It has to handle the case where the S3 bucket already exists: do not create it, just modify it. Unfortunately I cannot get that to work. Can someone check my code and help me?

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  BucketName:
    Type: String
    Default: test-source-us-east-1

Resources:
  s3bucket:
    Type: 'AWS::S3::Bucket'
    UpdateReplacePolicy: Retain
    Properties:
      BucketName: !Ref BucketName
      # versioning is required on both source and destination for replication
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      ReplicationConfiguration:
        Role: !GetAtt PublicBucketReplicationRole.Arn
        Rules:
          - Id: us-east-1
            Status: Enabled
            DeleteMarkerReplication:
              Status: Enabled
            Priority: 1
            Filter:
              Prefix: ''
            Destination:
              # existing destination bucket in us-west-2 (closing quote was missing)
              Bucket: 'arn:aws:s3:::test-source-us-west-2'
  PublicBucketReplicationRole:
    Type: 'AWS::IAM::Role'
    DeletionPolicy: Retain
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: s3.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: S3ReplicationConfigurationAccessRole
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # read side: only the source bucket, derived from the parameter so the
              # policy follows whatever bucket name the template is deployed with
              - Effect: Allow
                Action:
                  - 's3:ListBucket'
                  - 's3:GetReplicationConfiguration'
                  - 's3:GetObjectVersionForReplication'
                  - 's3:GetObjectVersionAcl'
                  - 's3:GetObjectVersionTagging'
                  - 's3:GetObjectRetention'
                  - 's3:GetObjectLegalHold'
                Resource:
                  - !Sub 'arn:aws:s3:::${BucketName}'
                  - !Sub 'arn:aws:s3:::${BucketName}/*'
              # write side: only the destination bucket in us-west-2
              - Effect: Allow
                Action:
                  - 's3:ReplicateObject'
                  - 's3:ReplicateDelete'
                  - 's3:ReplicateTags'
                  - 's3:ObjectOwnerOverrideToBucketOwner'
                Resource:
                  - 'arn:aws:s3:::test-source-us-west-2'
                  - 'arn:aws:s3:::test-source-us-west-2/*'
  s3bucketPolicyALID0987:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref s3bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # deny every request that is not sent over TLS; the Resource must also
          # cover the objects, otherwise plaintext GetObject/PutObject still pass
          - Sid: DenyInsecureTransport
            Effect: Deny
            Principal: '*'
            Action: 's3:*'
            Resource:
              - !GetAtt s3bucket.Arn
              - !Sub '${s3bucket.Arn}/*'
            Condition:
              Bool:
                'aws:SecureTransport': 'false'

It should be reusable both for creating a new S3 bucket in us-east-1 and for an existing S3 bucket (without trying to create it), so that it syncs with the us-west-2 bucket.

amazon-web-services amazon-s3 yaml cloud aws-cloudformation
1 answer

0 votes

You can add

DeletionPolicy: Retain

to the resource in the template and then import the existing resource into the stack.

The flow is:

  • create the stack without the resource to be imported
  • wait for the stack creation to finish
  • now add the resource to be imported to the template
  • finally use the Import resources into stack option in the UI (or aws cloudformation create-change-set --resources-to-import ... in the CLI).

参考:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-existing-stack.html
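The CLI route from the answer above, written out as an added example (not part of the original answer or of AWS documentation). The stack name, template path and bucket name are hypothetical placeholders; the two helper functions run offline, and the AWS CLI calls only run when RUN_IMPORT=1 is set. It also does the two checks a practitioner wants around an import: refusing to proceed unless the resource carries DeletionPolicy: Retain, and starting drift detection afterwards so that template properties that do not match the live bucket become visible.

```shell
#!/bin/sh
# Added example, not from the original answer: import an existing S3 bucket
# into a CloudFormation stack with an IMPORT change set. STACK_NAME, TEMPLATE
# and BUCKET_NAME are hypothetical placeholders.
set -eu

# Build the --resources-to-import document: logical ID, resource type and the
# identifier CloudFormation uses to find the resource (BucketName for a bucket).
build_resources_to_import() {
  printf '[{"ResourceType":"AWS::S3::Bucket","LogicalResourceId":"%s","ResourceIdentifier":{"BucketName":"%s"}}]\n' "$1" "$2"
}

# Import is refused unless the resource has DeletionPolicy: Retain. Scan the
# YAML block under the logical ID (up to the next key at the same or lower
# indentation) and return 0 only if the policy is present.
template_has_retain() {
  awk -v id="$2" '
    ($0 ~ ("^ *" id ": *$")) { depth = match($0, /[^ ]/); inres = 1; next }
    inres && $0 !~ /^ *$/ && match($0, /[^ ]/) <= depth { inres = 0 }
    inres && /DeletionPolicy: *Retain *$/ { found = 1 }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# Create, review, execute and verify an IMPORT change set on an existing stack.
# CAPABILITY_IAM is needed because the template also declares an IAM role.
import_existing_bucket() {
  stack=$1
  template=$2
  logical_id=$3
  bucket=$4
  template_has_retain "$template" "$logical_id" || {
    echo "refusing: $logical_id lacks 'DeletionPolicy: Retain' in $template" >&2
    return 1
  }
  changeset="import-$logical_id-$(date +%Y%m%d%H%M%S)"
  aws cloudformation create-change-set \
    --stack-name "$stack" \
    --change-set-name "$changeset" \
    --change-set-type IMPORT \
    --resources-to-import "$(build_resources_to_import "$logical_id" "$bucket")" \
    --template-body "file://$template" \
    --capabilities CAPABILITY_IAM
  aws cloudformation wait change-set-create-complete \
    --stack-name "$stack" --change-set-name "$changeset"
  # An import change set may only contain Import actions; review before executing.
  aws cloudformation describe-change-set \
    --stack-name "$stack" --change-set-name "$changeset" \
    --query 'Changes[].ResourceChange.[Action,LogicalResourceId]' --output table
  aws cloudformation execute-change-set \
    --stack-name "$stack" --change-set-name "$changeset"
  aws cloudformation wait stack-import-complete --stack-name "$stack"
  # Import does not change the bucket; properties in the template that differ
  # from the live configuration show up as drift, so start drift detection now.
  aws cloudformation detect-stack-drift --stack-name "$stack"
}

if [ "${RUN_IMPORT:-0}" = 1 ]; then
  import_existing_bucket "${STACK_NAME:-s3-replication}" "${TEMPLATE:-template.yaml}" \
    s3bucket "${BUCKET_NAME:-test-source-us-east-1}"
fi
```

Two caveats when applying this to the template in the question: an import change set cannot create or modify anything else, so the template used for the import must be the stack's current template plus only the bucket to be imported, and the bucket policy (which references s3bucket) and the replication rule are then applied in an ordinary stack update afterwards. And because an import applies no changes to the resource, any property the template states that the existing bucket does not already have (replication configuration, versioning) is reported by drift detection rather than being fixed silently; the follow-up update is what actually reconciles them.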

© www.soinside.com 2019 - 2024. All rights reserved.