ala*_*lan 3 amazon-web-services amazon-rds aws-cloudformation
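I'm trying to launch an RDS stack through a CloudFormation template. I want to enable Enhanced Monitoring on my DB instance. To do that, the MonitoringRoleArn property must be specified on the resource.
As far as I understand, this ARN should point to an IAM service role that has been given the AmazonRDSEnhancedMonitoringRole policy, as described here:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html
Ideally, I would also like to create that role through CloudFormation. However, for the life of me, I can't find an example of how to do this in a CloudFormation template. It also turns out that the CloudFormer tool doesn't analyze IAM resources.
Has anyone done this? Could you share an example?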
As avisheks mentioned, things have changed.
The example from helloomichibye no longer works. Here is my code in YAML (with a configurable parameter):
Parameters:
  EnableEnhancedMonitoring:
    Description: 'Provide metrics in real time for the operating system (OS) that your DB instance runs on.'
    Type: String
    AllowedValues: [true, false]
    Default: false
Conditions:
  HasEnhancedMonitoring: !Equals [ !Ref EnableEnhancedMonitoring, 'true' ]
Resources:
  EnhancedMonitoringRole:
    Condition: HasEnhancedMonitoring
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        - Sid: ''
          Effect: Allow
          Principal:
            Service: monitoring.rds.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole
      Path: "/"
  DBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      ...
      MonitoringInterval: !If [HasEnhancedMonitoring, 60, 0]
      MonitoringRoleArn: !If [HasEnhancedMonitoring, !GetAtt ['EnhancedMonitoringRole', 'Arn'], !Ref 'AWS::NoValue']
      ...
In YAML:
Role:
  Type: 'AWS::IAM::Role'
  Properties:
    ManagedPolicyArns:
    - 'arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole'
    AssumeRolePolicyDocument:
      Version: '2008-10-17'
      Statement:
      - Effect: Allow
        Principal:
          Service: 'rds.amazonaws.com'
        Action: 'sts:AssumeRole'
Then you need to reference that role in the RDS instance's MonitoringRoleArn property, like this:
!GetAtt ["Role", "Arn"]
If you need an example in JSON, let me know.
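
A pre-deployment check for the role discussed in the answers above, as an added example that is not code from either answer: it verifies that the role attaches AmazonRDSEnhancedMonitoringRole and that its trust policy lets monitoring.rds.amazonaws.com, and nothing else, assume it. The function names and the dict form of the two roles are constructed for illustration.

```python
# Added example: lint the trust policy of an Enhanced Monitoring role before deploy.
EXPECTED_PRINCIPAL = "monitoring.rds.amazonaws.com"
EXPECTED_POLICY = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"


def as_list(value):
    """IAM allows a scalar or a list for Principal, Action and Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_monitoring_role(resource):
    """Return a list of findings for one AWS::IAM::Role resource (empty = OK)."""
    findings = []
    props = resource.get("Properties", {})
    if EXPECTED_POLICY not in as_list(props.get("ManagedPolicyArns")):
        findings.append("managed policy AmazonRDSEnhancedMonitoringRole not attached")
    trusted = set()
    for stmt in as_list(props.get("AssumeRolePolicyDocument", {}).get("Statement")):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # wildcard: anyone may assume the role
            trusted.add("*")
            continue
        for kind, values in principal.items():
            trusted.update(f"{kind}:{v}" for v in as_list(values))
    if f"Service:{EXPECTED_PRINCIPAL}" not in trusted:
        findings.append(f"{EXPECTED_PRINCIPAL} cannot assume the role")
    for extra in sorted(trusted - {f"Service:{EXPECTED_PRINCIPAL}"}):
        findings.append(f"unexpected trusted principal {extra}")
    return findings


def role(service, version):
    # Constructed dict form of the role resources from the two answers.
    return {"Type": "AWS::IAM::Role", "Properties": {
        "ManagedPolicyArns": [EXPECTED_POLICY],
        "AssumeRolePolicyDocument": {"Version": version, "Statement": [
            {"Effect": "Allow", "Principal": {"Service": service},
             "Action": "sts:AssumeRole"}]}}}


CURRENT_ROLE = role("monitoring.rds.amazonaws.com", "2012-10-17")
OLDER_ROLE = role("rds.amazonaws.com", "2008-10-17")

if __name__ == "__main__":
    print(check_monitoring_role(CURRENT_ROLE))
    print(check_monitoring_role(OLDER_ROLE))
```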