I have a script that creates a nested object. I want to loop over these objects and create resources in a CloudFormation template. The script generates the object string dynamically, and it is possible that, for example, the "pAccountIds4" object (shown below) does not exist. In that case I want to conditionally check whether any object other than the first, "pAccountIds1", exists.
However, in the CloudFormation template I get the following error: "Transform AWS::LanguageExtensions failed with: Fn::ForEach collection must be a list of strings". I am not sure how to resolve this error.
Here is an example of my object:
{
  "Parameters": {
    "pAccountIds1": "886180295749,169278231308,888561797329,316900773169",
    "pAccountIds2": "776321084004,404626256571,598611764315,325462626455,",
    "pAccountIds3": "388805547470,169282815852,117009268289,124665313191",
    "pAccountIds4": "543887508227,146967747421,198623621466,316135323942"
  }
}
Here is my template:
---
Transform: 'AWS::LanguageExtensions'
###
## Parameters
Parameters:
  pAccountIds1:
    Description: First 100 list of member account ids to grant CloudTrail log access.
    Type: CommaDelimitedList
  pAccountIds2:
    Description: Second 100 of member account ids to grant CloudTrail log access.
    Type: CommaDelimitedList
    Default: ""
  pAccountIds3:
    Description: Third 100 of member account ids to grant CloudTrail log access.
    Type: CommaDelimitedList
    Default: ""
  pAccountIds4:
    Description: Fourth 100 of member account ids to grant CloudTrail log access.
    Type: CommaDelimitedList
    Default: ""
  pDatabaseName:
    Type: String
    Default: 'amazon_security_lake_glue_db_eu_west_1'
  pCloudtrailTableName:
    Type: String
    Default: 'amazon_security_lake_table_eu_west_1_cloud_trail_mgmt_1_0'
  OutputName:
    Description: The name of the output
    Value: pAccountIds1
###
## Resources
Resources:
  'Fn::ForEach::CloudTrailShares':
    - AccountId
    - [!Ref pAccountIds1, !Ref pAccountIds2, !Ref pAccountIds3, !Ref pAccountIds4]
    - 'CloudTrailFilter${AccountId}':
        Type: AWS::LakeFormation::DataCellsFilter
        Properties:
          TableCatalogId: !Ref 'AWS::AccountId'
          DatabaseName: !Ref pDatabaseName
          TableName: !Ref pCloudtrailTableName
          Name: !Join ['_', ['cloudtrail', !Ref AccountId]]
          RowFilter:
            FilterExpression: !Sub "accountid='${AccountId}'"
          ColumnWildcard: {}
      'CloudTrailPermission${AccountId}':
        Type: AWS::LakeFormation::PrincipalPermissions
        Properties:
          Principal:
            DataLakePrincipalIdentifier: !Ref AccountId
          Permissions: ['SELECT']
          PermissionsWithGrantOption: ['SELECT']
          Resource:
            DataCellsFilter:
              TableCatalogId: !Ref 'AWS::AccountId'
              Name: !Select
                - 3
                - !Split
                  - '|'
                  - !Ref
                      Fn::Sub: 'CloudTrailFilter${AccountId}'
              TableName: !Ref pCloudtrailTableName
              DatabaseName: !Ref pDatabaseName
The collection of values to iterate over. This can be an array in this parameter, or it can be a reference to a CommaDelimitedList.
What you have supplied is:
[!Ref pAccountIds1, !Ref pAccountIds2, !Ref pAccountIds3, !Ref pAccountIds4]
Because pAccountIds1, pAccountIds2, pAccountIds3 and pAccountIds4 are each a CommaDelimitedList, what you have is a list of lists, as if you had written this:
[
  [ "886180295749","169278231308","888561797329","316900773169" ],
  [ "776321084004","404626256571","598611764315","325462626455" ],
  [ "388805547470","169282815852","117009268289","124665313191" ],
  [ "543887508227","146967747421","198623621466","316135323942" ]
]
The error says it must be a list of strings:
[
  "886180295749","169278231308","888561797329","316900773169","776321084004",
  "404626256571","598611764315","325462626455","388805547470","169282815852",
  "117009268289","124665313191","543887508227","146967747421","198623621466",
  "316135323942"
]
In other words, the first value of AccountId in the loop should be "886180295749", but what you supplied is [ "886180295749","169278231308","888561797329","316900773169" ].
You need to put all of the account IDs into a single CommaDelimitedList parameter; alternatively, you can make the parameters strings, combine them into one longer string, and then split that into a list:
'Fn::ForEach::CloudTrailShares':
  - AccountId
  - !Split [",",
      !Join [",",
        [!Ref pAccountIds1, !Ref pAccountIds2, !Ref pAccountIds3, !Ref pAccountIds4]
      ]
    ]
  - ...
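As an added example (not part of the question or the answer above): a small Python pre-check that models how the two Fn::ForEach collections resolve, the nested list from the original template versus the flat list from the !Split/!Join rewrite, and flags what the flat list would otherwise feed into DataLakePrincipalIdentifier. Each entry in that list becomes a cross-account SELECT grant on CloudTrail data, so it is worth catching empty strings (from the trailing comma on pAccountIds2 and from an unset parameter left at Default: ""), malformed ids and duplicates before deploying. The parameter values are constructed from the question's sample, the split-on-comma model of CommaDelimitedList is the example's own simplification, and every function name here is the example's own.

```python
import re
from typing import Dict, List

# Constructed sample values, modelled on the question's Parameters object:
# pAccountIds2 keeps its trailing comma and pAccountIds4 is left at the
# template's Default of "" to show what each does to the iteration list.
SAMPLE_PARAMETERS: Dict[str, str] = {
    "pAccountIds1": "886180295749,169278231308,888561797329,316900773169",
    "pAccountIds2": "776321084004,404626256571,598611764315,325462626455,",
    "pAccountIds3": "388805547470,169282815852,117009268289,124665313191",
    "pAccountIds4": "",
}
PARAM_NAMES = ["pAccountIds1", "pAccountIds2", "pAccountIds3", "pAccountIds4"]

# AWS account ids are exactly twelve decimal digits.
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def ref_comma_delimited_list(value: str) -> List[str]:
    """Model !Ref on a CommaDelimitedList parameter: the raw value split on commas."""
    return value.split(",")


def nested_collection(params: Dict[str, str], names: List[str]) -> List[List[str]]:
    """The collection the original template passed to Fn::ForEach:
    one !Ref per parameter, hence a list of lists rather than a list of strings."""
    return [ref_comma_delimited_list(params[n]) for n in names]


def flattened_collection(params: Dict[str, str], names: List[str]) -> List[str]:
    """The collection after the !Split [",", !Join [",", [...]]] rewrite:
    every parameter joined back into one comma-separated string, then split once."""
    joined = ",".join(",".join(ref_comma_delimited_list(params[n])) for n in names)
    return joined.split(",")


def validate_account_ids(ids: List[str]) -> List[str]:
    """Report entries that should never reach a PrincipalPermissions grant."""
    problems: List[str] = []
    seen = set()
    for index, account_id in enumerate(ids):
        if account_id == "":
            problems.append(f"index {index}: empty entry (trailing comma or empty parameter)")
        elif not ACCOUNT_ID_RE.match(account_id):
            problems.append(f"index {index}: {account_id!r} is not a 12-digit account id")
        elif account_id in seen:
            problems.append(f"index {index}: duplicate account id {account_id}")
        seen.add(account_id)
    return problems


def clean_account_ids(ids: List[str]) -> List[str]:
    """The list worth handing to the template: well-formed, non-empty, deduplicated, order kept."""
    cleaned: List[str] = []
    for account_id in ids:
        if ACCOUNT_ID_RE.match(account_id) and account_id not in cleaned:
            cleaned.append(account_id)
    return cleaned


if __name__ == "__main__":
    nested = nested_collection(SAMPLE_PARAMETERS, PARAM_NAMES)
    print("nested collection element types:", {type(x).__name__ for x in nested})
    flat = flattened_collection(SAMPLE_PARAMETERS, PARAM_NAMES)
    print("flat collection has", len(flat), "entries")
    for problem in validate_account_ids(flat):
        print("problem:", problem)
    print("clean ids:", ",".join(clean_account_ids(flat)))
```

Run it against the real parameter file before a deployment: `nested_collection` reproduces the shape that triggers "Fn::ForEach collection must be a list of strings", `flattened_collection` reproduces the fix, and `validate_account_ids` shows that the fix alone still carries two empty entries into the loop, which is why the ids are better cleaned (or kept in one CommaDelimitedList without trailing commas) before they are passed to the stack.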