CloudFormation validate supports validating CloudFormation templates stored in S3.
How can I validate all the files in an S3 location? The files are in one folder.
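You can use the Python script below to validate all the CloudFormation templates in an S3 bucket/folder. It builds the Object URL / Public URL of each file and then passes the URL to the validate_file function.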
import boto3

# S3 URI of the folder you want to scan recursively; replace this with your own S3 URI
s3_uri = "s3://BUCKET_NAME/FOLDER_1/FOLDER2/"

# Split the S3 URI to extract the bucket name and the file prefix.
# Splitting the S3 URI generates an array;
# combine the appropriate elements of the array to extract BUCKET_NAME and PREFIX.
arr = s3_uri.split('/')
bucket = arr[2]
prefix = ""
for i in range(3, len(arr) - 1):
    prefix = prefix + arr[i] + "/"

s3_client = boto3.client("s3")


def validate_file(object_url):  # function to validate a CloudFormation template
    cloudformation_client = boto3.client('cloudformation')
    response = cloudformation_client.validate_template(
        TemplateURL=object_url
    )
    print(response)  # print the response


# Generate the object URL of every file in the folder and pass it to the validate function
def get_all_s3_files(bucket, prefix, s3_client):
    # Fetch metadata of the files in the folder (a single call returns at most 1,000 keys)
    response = s3_client.list_objects_v2(Bucket=bucket, Prefix=prefix)
    files = response.get("Contents", [])  # "Contents" is missing when nothing matches the prefix
    for file in files:  # iterate through each file
        file_path = file['Key']
        object_url = "https://" + bucket + ".s3.amazonaws.com/" + file_path  # create the object URL manually
        print("Object Url = " + object_url)
        if object_url.endswith(".yml"):
            validate_file(object_url=object_url)  # validate the .yml files


get_all_s3_files(bucket=bucket, prefix=prefix, s3_client=s3_client)
Doing it with Bash
This example assumes you have the aws cli and jq cli tools installed. It also assumes your CloudFormation files have been uploaded to S3.
BUCKET_NAME="bucket-name-here"
TEMPLATE_FOLDER="cloudformation/templates"
# List every object key under the template folder as a JSON array
objects=$(aws s3api list-objects --bucket "$BUCKET_NAME" --prefix "$TEMPLATE_FOLDER" --query "Contents[].Key" --output json)
# Note: this loop splits on whitespace, so keys containing spaces are not handled
for file in $(echo "$objects" | jq -r '.[]'); do
    if [[ $file == *.yml ]]; then
        TEMPLATE_URL="https://${BUCKET_NAME}.s3.amazonaws.com/${file}"
        echo "URL: $TEMPLATE_URL"
        # Only stdout is discarded, so validation errors still show on stderr
        aws cloudformation validate-template --template-url "${TEMPLATE_URL}" 1>/dev/null
    fi
done
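
An added example, not part of either answer above: a variant of the same check that follows pagination past 1,000 objects, URL-encodes keys, and records a pass/fail result per template instead of stopping at the first invalid one, so it can gate a CI job. The function names, the extension list, and passing the clients in as parameters are assumptions of this example.

```python
import sys
from urllib.parse import quote, urlparse

TEMPLATE_SUFFIXES = (".yml", ".yaml", ".json", ".template")  # assumed extension set


def split_s3_uri(s3_uri):
    """Return (bucket, prefix) for s3://bucket/some/folder, with or without a trailing slash."""
    parsed = urlparse(s3_uri)
    if parsed.scheme != "s3" or not parsed.netloc:
        raise ValueError(f"not an S3 URI: {s3_uri!r}")
    prefix = parsed.path.lstrip("/")
    if prefix and not prefix.endswith("/"):
        prefix += "/"  # match only keys inside the folder, not siblings sharing the prefix
    return parsed.netloc, prefix


def template_keys(s3_client, bucket, prefix):
    """Yield every template key under the prefix, following pagination."""
    paginator = s3_client.get_paginator("list_objects_v2")
    for page in paginator.paginate(Bucket=bucket, Prefix=prefix):
        for obj in page.get("Contents", []):  # "Contents" is absent on an empty listing
            if obj["Key"].lower().endswith(TEMPLATE_SUFFIXES):
                yield obj["Key"]


def validate_folder(s3_client, cfn_client, s3_uri):
    """Validate each template; return {key: None if valid, else the error text}."""
    bucket, prefix = split_s3_uri(s3_uri)
    results = {}
    for key in template_keys(s3_client, bucket, prefix):
        url = f"https://{bucket}.s3.amazonaws.com/{quote(key)}"  # same URL form as the answers
        try:
            cfn_client.validate_template(TemplateURL=url)
            results[key] = None
        except Exception as exc:  # boto3 raises ClientError here; one bad file must not end the run
            results[key] = str(exc) or type(exc).__name__
    return results


if __name__ == "__main__":
    import boto3  # imported here so the helpers above can be exercised with stub clients

    outcome = validate_folder(boto3.client("s3"), boto3.client("cloudformation"), sys.argv[1])
    for key, error in sorted(outcome.items()):
        print(f"{'FAIL' if error else 'ok  '} {key}" + (f": {error}" if error else ""))
    sys.exit(1 if any(outcome.values()) else 0)
```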