Utk*_*ari 1 amazon-web-services amazon-cloudfront aws-cloudformation
I have defined the following CloudFormation template, in which I want to pass the public key from a parameter file. The "MyPublicKey" variable is of type String. I reference this variable using

    EncodedKey !Ref MyPublicKey

under PublicKeyConfig, as shown below.

    AWSTemplateFormatVersion: "2010-09-09"
    Parameters:
      MyPublicKey:
        Type: String
        Description: 'Public key for some purpose'
        NoEcho: true
    Resources:
      CloudfrontPublicKey:
        Type: AWS::CloudFront::PublicKey
        Properties:
          PublicKeyConfig:
            CallerReference: 'some-caller-reference'
            Comment: 'Public key for signed url'
            Name: 'cloudfront-public-key'
            EncodedKey: !Ref MyPublicKey
    ...

The parameter.json file looks like this. The public key is multi-line in the original .pem file, but I have added the newline character "\n" in the string wherever there was a line break.

    [
      {
        "ParameterKey": "MyPublicKey",
        "ParameterValue": "-----BEGIN PUBLIC KEY-----\naaaa\nbbbb\n-----END PUBLIC KEY-----"
      }
    ]

When trying to update the stack, I get the following error:

    Invalid request provided: AWS::CloudFront::PublicKey

It seems that the public key cannot be imported.
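Based on the comments, an extra \n character is needed when passing the value, and Ref should be replaced with the Sub function, which is used to place the string.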

    Resources:
      CloudfrontPublicKey:
        Type: AWS::CloudFront::PublicKey
        Properties:
          PublicKeyConfig:
            CallerReference: 'some-caller-reference'
            Comment: 'Public key for signed url'
            Name: 'cloudfront-public-key'
            EncodedKey: !Sub "${MyPublicKey}"

Below is an example with an inline key.

Generate the keys:

    openssl genrsa -out private_key.pem 2048
    openssl rsa -pubout -in private_key.pem -out public_key.pem

CloudFormation template:

    AWSTemplateFormatVersion: "2010-09-09"
    Resources:
      CloudfrontPublicKey:
        Type: AWS::CloudFront::PublicKey
        Properties:
          PublicKeyConfig:
            CallerReference: 'some-caller-reference'
            Comment: 'Public key for signed url'
            Name: 'cloudfront-public-key'
            EncodedKey: |
              -----BEGIN PUBLIC KEY-----
              MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN
              lKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT
              sZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh
              MNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON
              8BjcNloJE3NbLYshQPconb8pA+3jjkMF0QAH6rtc452G7CuS3KBfVQwWUeWE77kK
              wQQir6YFvKP3pG8Ls55FxXBTCCNJl5LZcHt1D0cZmuoSLJj2mVzJgKGyLTdoIwAW
              6QIDAQAB
              -----END PUBLIC KEY-----

List the keys:

    aws cloudfront list-public-keys | jq '.PublicKeyList.Items[1]'

Output:

    {
      "Id": "08ZCTRKADSADASDAS",
      "Name": "cloudfront-public-key",
      "CreatedTime": "2021-02-27T10:25:43.076Z",
      "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN\nlKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT\nsZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh\nMNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON\n8BjcNloJE3NbLYscZmuoSLJj2mVzJgKGyLTdoIwAW\n6QIDAQAB\n-----END PUBLIC KEY-----\n",
      "Comment": "Public key for signed url"
    }

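One way to produce the parameter file so that the key always ends with the extra "\n" mentioned in the answer, and so that the private half of the key pair can never be passed by mistake. This is an added example, not code from the question or the answer; the function names are hypothetical, and the sample key is the placeholder value from the question.

```python
import base64
import json
import re

# Exactly one "PUBLIC KEY" block, LF line endings, trailing newline after END.
PEM_RE = re.compile(
    r"\A-----BEGIN PUBLIC KEY-----\n([A-Za-z0-9+/=\n]+?)\n-----END PUBLIC KEY-----\n\Z"
)


def normalize_public_pem(text: str) -> str:
    """Return the PEM with LF line endings and a trailing newline, or raise ValueError."""
    if "PRIVATE KEY" in text:
        raise ValueError("refusing a private key: only the public half goes in the stack")
    # A literal backslash followed by 'n' means the value was escaped twice upstream.
    text = text.replace("\\n", "\n").replace("\r\n", "\n").strip() + "\n"
    match = PEM_RE.match(text)
    if not match:
        raise ValueError("not a single PEM 'PUBLIC KEY' block")
    try:
        base64.b64decode(match.group(1).replace("\n", ""), validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError(f"PEM body is not valid base64: {exc}") from exc
    return text


def build_parameters(pem_text: str, key: str = "MyPublicKey") -> str:
    """Build the JSON parameter file; json.dumps writes every line break as \\n."""
    params = [{"ParameterKey": key, "ParameterValue": normalize_public_pem(pem_text)}]
    return json.dumps(params, indent=2)


if __name__ == "__main__":
    # Placeholder key from the question (no trailing newline), used as sample input.
    sample = "-----BEGIN PUBLIC KEY-----\naaaa\nbbbb\n-----END PUBLIC KEY-----"
    print(build_parameters(sample))
```
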
Getting the following error when creating a public key in AWS CloudFormation: Invalid request provided: AWS::CloudFront::PublicKey [answered]