Ben*_*min 2 amazon-web-services amazon-sns aws-cloudformation amazon-iam
I am writing a CloudFormation template to build an ECR repository. I built it with an event pattern so that, when an image is pushed to the repository, I am notified only if the image scan has HIGH or CRITICAL vulnerabilities. To keep it simple, I first built it so that instead of sending a notification to SNS it creates a log entry in CloudWatch Logs. That all worked fine, but now I am trying to get it to send an email via SNS and I am running into problems. I have tried a few different things in the topic policy, such as !GetAtt ScanReportTopic.arn as the value for Resource, and I also tried Resource: "*" along with a few other things.
I don't know what else to try. Here is the template I am using (email obfuscated):
Resources:
  EventBusTestRuleCritical:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - aws.ecr
        detail-type:
          - ECR Image Scan
        detail:
          finding-severity-counts:
            CRITICAL:
              - exists: true
      Targets:
        - Arn: !Ref ScanReportTopic
          Id: ScanReporting
  EventBusTestRuleHigh:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - aws.ecr
        detail-type:
          - ECR Image Scan
        detail:
          finding-severity-counts:
            HIGH:
              - exists: true
      Targets:
        - Arn: !Ref ScanReportTopic
          Id: ScanReporting
  ECRTestRepo:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: TestScanRepo #Optional
      ImageScanningConfiguration:
        scanOnPush: "true"
  ScanReportTopic:
    Type: AWS::SNS::Topic
    Properties:
      DisplayName: scanTopic #Optional
      Subscription:
        - Endpoint: notreal@fakemail.com
          Protocol: email
      # TopicName: Optional
  TopicPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    Topics:
      - !Ref ScanReportTopic
    PolicyDocument:
      Id: !Ref ScanReportTopic
      Statement:
        - Sid: __default_statement_ID
          Effect: Allow
          Action: sns:Publish
          Resource: !Ref ScanReportTopic
          Principal: !Sub 'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/default'
Everything under TopicPolicy needs further indentation:
  TopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref ScanReportTopic
      PolicyDocument:
        Id: !Ref ScanReportTopic
        Statement:
          - Sid: __default_statement_ID
            Effect: Allow
            Action: sns:Publish
            Resource: !Ref ScanReportTopic
            # EventBridge publishes as its service principal; an event-bus ARN is not a valid
            # principal, so the original string value would be rejected by SNS.
            Principal:
              Service: events.amazonaws.com
I suggest trying the CloudFormation Linter in VSCode to see some of these errors inline while authoring templates, along with autocompletion and documentation links.
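A complete, deployable version of the template discussed above, written here as an added example (it is not the questioner's or the answerer's code). It keeps the question's logical IDs and event patterns, grants sns:Publish to the events.amazonaws.com service principal rather than an event-bus ARN, and narrows the grant further with an aws:SourceArn condition bound to this stack's two rules; that condition, the repository-name filter in the patterns, the AlertEmail parameter and the lowercase repository name are additions and assumptions of this example, not part of the original post.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: ECR scan-on-push repository that emails via SNS on HIGH or CRITICAL findings (added example)

Parameters:
  AlertEmail:
    Type: String
    Default: notreal@fakemail.com   # constructed placeholder; the subscription must be confirmed from the inbox
    Description: Address subscribed to the scan alert topic

Resources:
  ECRTestRepo:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: testscanrepo    # ECR repository names must be lowercase
      ImageScanningConfiguration:
        ScanOnPush: true

  ScanReportTopic:
    Type: AWS::SNS::Topic
    Properties:
      DisplayName: scanTopic
      Subscription:
        - Endpoint: !Ref AlertEmail
          Protocol: email

  # EventBridge delivers to SNS as the events.amazonaws.com service principal,
  # so that is the principal the topic policy must allow.
  ScanReportTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref ScanReportTopic
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowScanRulesToPublish
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref ScanReportTopic
            # Assumption: limit the grant to the two rules in this stack so no other
            # EventBridge rule in the account can publish to the topic. Verify delivery
            # after deployment; drop the Condition if publishes are denied in your account.
            Condition:
              ArnLike:
                aws:SourceArn:
                  - !GetAtt EventBusTestRuleCritical.Arn
                  - !GetAtt EventBusTestRuleHigh.Arn

  EventBusTestRuleCritical:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - aws.ecr
        detail-type:
          - ECR Image Scan
        detail:
          repository-name:
            - !Ref ECRTestRepo         # only this repository's scans, not every repo in the account
          finding-severity-counts:
            CRITICAL:
              - exists: true
      Targets:
        - Arn: !Ref ScanReportTopic
          Id: ScanReportingCritical

  EventBusTestRuleHigh:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - aws.ecr
        detail-type:
          - ECR Image Scan
        detail:
          repository-name:
            - !Ref ECRTestRepo
          finding-severity-counts:
            HIGH:
              - exists: true
      Targets:
        - Arn: !Ref ScanReportTopic
          Id: ScanReportingHigh

Outputs:
  ScanReportTopicArn:
    Value: !Ref ScanReportTopic
```

Lint it first with `cfn-lint template.yaml`, which reports the indentation and invalid-principal problems before any deployment, then deploy with `aws cloudformation deploy --template-file template.yaml --stack-name ecr-scan-alerts --parameter-overrides AlertEmail=you@example.com`. No email arrives until the SNS subscription confirmation link has been clicked, so confirm that before pushing a test image.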
Views: 5463