我正在尝试通过https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html的文档来创建Cognito身份提供者。以下是该片段的示例,其中FederationMetadata.xml与CF模板定义位于同一文件夹中。
AWSTemplateFormatVersion: 2010-09-09
Description: Identity Provider
Resources:
CognitoUserPoolAIdProvider:
Type: "AWS::Cognito::UserPoolIdentityProvider"
Properties:
AttributeMapping:
email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
IdpIdentifiers: []
ProviderDetails:
IDPSignout: 'false'
MetadataFile: './FederationMetadata.xml'
SLORedirectBindingURI: https://<IP of ADFS>/adfs/ls/
SSORedirectBindingURI: https://<IP of ADFS>/adfs/ls/
ProviderName: MyIdProvider
ProviderType: SAML
UserPoolId: us_abcdef123
[尝试运行时,出现错误
Invalid XML (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: c047641b-7c69-4944-b4e4-e110cf8c2605)
我发现在运行时未提供文件内容:
{
"ProviderName": "MyIdProvider",
"UserPoolId": "us_abcdef123",
"AttributeMapping": {
"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
},
"ProviderDetails": {
"MetadataFile": "./FederationMetadata.xml",
"SSORedirectBindingURI": "https://<IP>/adfs/ls/",
"IDPSignout": "false",
"SLORedirectBindingURI": "https://<IP>/adfs/ls/"
},
"ProviderType": "SAML",
"IdpIdentifiers": []
}
问题:如何在CF模板中引用FederationMetadata.xml文件?另外,粘贴XML文件的内容可以很好地工作,但是我想将元数据内容完全外部化到文件中。
MetadataFile的输入是XML的内容,而不是文件路径。因此,您有其他选择:
切换为使用接受公共URL到元数据文件的MetadataURL
或如果您使用AWS CLI进行CFN部署,则可以将MetadataFile用作CFN作为参数,并将XML内容传递给部署脚本,例如:
metadata=$(cat FederationMetadata.xml)
aws cloudformation deploy --stack-name YOUR_STACK --parameter-overrides MetadataFile="${metadata}"
将使用您的CFN:MetadataFile: Ref !MetadataFile