在 AWS Proton 模板中,我们使用 Jinja 的双大括号语法
"{{}}"例如,使用 Cloudformation 定义一个 RDS 实例,其密码存储在 Secrets Manager 中,如下所示:
MyDBInstance2:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: 20
DBInstanceClass: db.t2.micro
DBName: !Ref RDSDBName
Engine: mysql
MasterUsername:
Fn::Join:
- ""
- - "{{resolve:secretsmanager:"
- Ref: DBCredentialsSecret
- ":SecretString:username::}}"
MasterUserPassword:
Fn::Join:
- ""
- - "{{resolve:secretsmanager:"
- Ref: DBCredentialsSecret
- ":SecretString:password::}}"
MultiAZ: False
PubliclyAccessible: False
StorageType: gp2
DBSubnetGroupName: !Ref myDBSubnetGroup
VPCSecurityGroups:
- !Ref RDSSecurityGroup
BackupRetentionPeriod: 0
DBInstanceIdentifier: 'rotation-instance'
是否可以在 Proton 模板中包含动态引用?我怎样才能知道我的模板出了什么问题?
我最终找到了解决方案:
Jinja 支持使用“{% raw %}{% endraw %}”语法进行转义(文档)
使用它,我能够构建以下有效模板:
MyDBInstance2:
Type: AWS::RDS::DBInstance
Properties:
AllocatedStorage: 20
DBInstanceClass: db.t2.micro
DBName: !Ref RDSDBName
Engine: mysql
MasterUsername:
Fn::Join:
- ""
- - "{% raw %}{{resolve:secretsmanager:{%endraw%}"
- Ref: DBCredentialsSecretAFB45EA2
- "{% raw %}:SecretString:username::}}{%endraw%}"
MasterUserPassword:
Fn::Join:
- ""
- - "{% raw %}{{resolve:secretsmanager:{%endraw%}"
- Ref: DBCredentialsSecretAFB45EA2
- "{% raw %}:SecretString:password::}}{%endraw%}"
MultiAZ: False
PubliclyAccessible: False
StorageType: gp2
DBSubnetGroupName: !Ref myDBSubnetGroup
VPCSecurityGroups:
- !Ref RDSSecurityGroup
BackupRetentionPeriod: 0
DBInstanceIdentifier: 'rotation-instance'
修复非常有帮助!我花了很长时间进行故障排除,这解决了我使用权杖管理的云形成模板的问题。谢谢!