amazon-cloudformation - AWS Cloudformation how from S3 bucket names CommaDelimitedList make list of ARN - semi for loop cycle
问题描述
Here are parameters - S3 bucket names list:
Parameters:
S3BucketNames:
Description: Enter S3 Bucket Names
Type: CommaDelimitedList
Default: my-first-bucket,testing-bucket,codepipeline-bucket
Need to make policy IAM Policy for GetObject, PutObject operations, when arn has to be in the following format suitable for IAM policy:
arn:${Partition}:s3:::${BucketName}/${ObjectName}
In my example it should look like:
"arn:aws:s3:::my-first-bucket/*",
"arn:aws:s3:::testing-bucket/*",
"arn:aws:s3:::codepipeline-bucket/*"
解决方案
I had to think a bit how I can pull it off, obvious when you know it, but maybe will be helpfull for someone:
S3RolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: DemoPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
Resource: !Split
- ","
- !Sub
- arn:aws:s3:::${S3Middle}/*
- S3Middle: !Join [ "/*,arn:aws:s3:::" , !Ref S3BucketNames ]
It's not a full CloudFormation template - just sample peace
推荐阅读
- twilio - 在 FusionPBX 上使用 Twilio SIP 中继
- javascript - javascript秒表用户输入
- python - 使用训练数据进行预测
- python - 在 Mac OS Mojave 上安装 pycuda 时出错:错误:命令“clang”失败,退出状态为 1
- css - 如何减少 sap.ui.table 单元格周围的空间
- flutter - Flutter 错误:使用不包含 MediaQuery 的上下文调用 MediaQuery.of()
- amazon-web-services - AWS Android Cognito SDK 返回“用户名或密码不正确”
- c++ - 关于 C++ 中结构向量中的向量的 EXC_BAD_ACCESS
- php - 致命错误:未捕获的错误:升级到 php 7.0 时,函数名称必须是...中的字符串
- mysql - 在 MYSQL 5.7 中实现 mariadb 的 NTILE() 函数