bea*_*eph 3 amazon-web-services aws-cloudformation aws-config
我正在研究通过 AWS cloudformation 部署一致性包的概念验证,但我被错误“为不需要它们的模板指定的参数值”所困扰。我使用的配置规则确实需要一个参数。代码附后。我还使用 cfn-lint 测试了该模板,但没有收到任何反馈/错误。
我的模板很“简单”,如下:
Parameters:
ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName:
Default: ELBSecurityPolicy-2016-08
Type: String
Resources:
TestingConformancePack:
Type: AWS::Config::ConformancePack
Properties:
ConformancePackName: TestCP
ConformancePackInputParameters:
-
ParameterName: PredefinedPolicyName
ParameterValue: !Ref ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName
TemplateBody: |
Resources:
ElbPredefinedSecurityPolicySslCheck:
Properties:
ConfigRuleName: elb-predefined-security-policy-ssl-check
InputParameters:
predefinedPolicyName:
Ref: ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
原因是您将参数(在 中指定的参数)传递给不包含节ConformancePackInputParameters的 CloudFormation 模板(在 中指定的参数) ,因此不需要任何参数。为了解决这个问题,您需要向内部 CloudFormation 模板添加一个参数,然后您可以参考:TemplateBodyParameterspredefinedPolicyName
以下模板适合我:
Parameters:
ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName:
Default: ELBSecurityPolicy-2016-08
Type: String
Resources:
TestingConformancePack:
Type: AWS::Config::ConformancePack
Properties:
ConformancePackName: TestCP
ConformancePackInputParameters:
-
ParameterName: PredefinedPolicyName
ParameterValue: !Ref ElbPredefinedSecurityPolicySslCheckParamPredefinedPolicyName
TemplateBody: |
Parameters:
PredefinedPolicyName:
Type: String
Resources:
ElbPredefinedSecurityPolicySslCheck:
Properties:
ConfigRuleName: elb-predefined-security-policy-ssl-check
InputParameters:
predefinedPolicyName:
Ref: PredefinedPolicyName
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_PREDEFINED_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
| 归档时间: |
|
| 查看次数: |
7160 次 |
| 最近记录: |