Go to Qiita Advent Calendar 2024 Top
LoginSignup
3
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 1 year has passed since last update.

@mememe222inハンズラボ株式会社

CloudFormation Resourceに複数!Subを設定する

Posted at

Mappingsで定義したパラメータをResourceで使いたい。リソースは複数。

Resource: !Sub
  - "arn:aws:s3:::${BucketName}"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name

↑に続けて "arn:aws:s3:::${BucketName}/*" を設定したいけど、色々試してみるもテンプレートエラーが出る…

どうにもならないので、会社の技術質問チャンネルに投稿!

解決

一瞬で解決。正解を教えていただきました。

(Fさんありがとうございました!)

抜粋

Resource:
  - !Sub
    - "arn:aws:s3:::${BucketName}"
    - BucketName: !FindInMap
      - S3Bucket
      - !Ref Env
      - Name
  - !Sub
    - "arn:aws:s3:::${BucketName}/*"
    - BucketName: !FindInMap
      - S3Bucket
      - !Ref Env
      - Name

ファイル全文

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  Env:
    Type: String
    Default: stg
  Region:
    Type: String
    Default: ap-northeast-1

Mappings:
  S3Bucket:
    stg:
      Name: "test-bucket-stg"
    prod:
      Name: "test-bucket-prod"

Resources:
  TestRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      Policies:
      - PolicyName: test-s3-bucket-read-only-access
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: Allow
            Action:
              - "s3:ListBucket"
              - "s3:GetObject"
            Resource:
              - !Sub
                - "arn:aws:s3:::${BucketName}"
                - BucketName: !FindInMap
                  - S3Bucket
                  - !Ref Env
                  - Name
              - !Sub
                - "arn:aws:s3:::${BucketName}/*"
                - BucketName: !FindInMap
                  - S3Bucket
                  - !Ref Env
                  - Name
      RoleName: !Sub "${Env}-test-role"

!Subにぶら下げるという発想がなかった。

NG集

Resource:
  - !Sub "arn:aws:s3:::${BucketName}"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name
  - !Sub "arn:aws:s3:::${BucketName}/*"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name

Resource: !Sub
  - "arn:aws:s3:::${BucketName}"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name
  - "arn:aws:s3:::${BucketName}/*"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name

Resource:
  - !Sub "arn:aws:s3:::${BucketName}"
  - !Sub "arn:aws:s3:::${BucketName}/*"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name

Resource: !Sub
  - "arn:aws:s3:::${BucketName}"
  - "arn:aws:s3:::${BucketName}/*"
  - BucketName: !FindInMap
    - S3Bucket
    - !Ref Env
    - Name

いろいろムダに試行錯誤してしまった…

最後に

同じく困っている方(私だけ?)の助けになれば幸いです。

今回教えてくださった方は別のグループで
面識があまりないやつにも親切に教えてくれる、
そういう方々ばかりで改めていい会社だなあと思いました。感謝。

3
1
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
3
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?