Jos*_*rds 5 amazon-web-services elasticsearch aws-cloudformation
提前致谢!
多年来我一直坚持这个问题,找不到解决方案......
基本上我想在我的弹性搜索服务上实现相同的访问策略,但是当我尝试在cloudformation中重新创建它时,我收到一个循环依赖性错误..我知道导致错误的Fn :: GetAtt是什么引用了弹性搜索DomainArn.
所以我的问题是如何在不引用我的elk域arn的情况下实现此语句?
模板包含错误:资源之间的循环依赖:[XXXXXX]
"XXXXXX": {
"Type": "AWS::Elasticsearch::Domain",
"Properties": {
"AccessPolicies": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": ["myuser", "Arn"]
}
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
}
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
},
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"xx.xx.xx.xx",
"xx.xx.xx.xx"
]
}
}
}
]
},
"DomainName": "XXXXXX",
"EBSOptions": {
"EBSEnabled": "True",
"VolumeSize": 10,
"VolumeType": "gp2"
},
"ElasticsearchClusterConfig": {
"InstanceCount": 1,
"InstanceType": "t2.small.elasticsearch"
},
"ElasticsearchVersion": "5.1",
"SnapshotOptions": {
"AutomatedSnapshotStartHour": 0
},
"Tags": {
"Key": "name",
"Value": "XXXXXX"
}
}
},
小智 7
而不是用于Fn::GetAtt检索域ARN,而是使用此处Fn:Sub的规则构建ARN (向下滚动到"使用以下语法为Amazon ES指定域资源").
{ "Fn::Sub":"arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/XXXXXX" }
| 归档时间: |
|
| 查看次数: |
988 次 |
| 最近记录: |