amazon-cloudformation

How to create a private AWS Api Gateway using cloudformation?

旧巷老猫 submitted on 2019-12-12 18:50:18
Question: I am trying to create an AWS API Gateway of PRIVATE type. This requires a resource policy, which I have, as I'm able to create the gateway from the AWS Console. I wanted to know how I could add the resource policy via the CF template. Following is the swagger definition of the resource policy - x-amazon-apigateway-policy: Version: "2012-10-17" Statement: - Effect: "Deny" Principal: "*" Action: "execute-api:Invoke" Resource: "arn:aws:execute-api:us-east-1:awsAccountId:xxxx/*/*/*" Condition:

(ValidationError) when calling the CreateStack operation: Template format error: Every Description member must be a string

帅比萌擦擦* submitted on 2019-12-12 18:24:09
Question: The following image is my question. SO would not allow me to post because of some error about formatting code incorrectly that I couldn't figure out how to resolve after an hour of trying. Image of my question Answer 1: I've been bitten by this too. It boils down to limitations on CloudFormation's intrinsic functions (source): Note: You can use intrinsic functions only in specific parts of a template. Currently, you can use intrinsic functions in resource properties, metadata attributes, and

How do I execute UserData content in a Windows EC2 instance

跟風遠走 submitted on 2019-12-12 16:56:37
Question: I'm having a lot of trouble trying to get a Cloud Formation template running correctly with auto scaling. I have the following resource: "LaunchConfig" : { "Type" : "AWS::AutoScaling::LaunchConfiguration", "Properties" : { "KeyName" : { "Fn::FindInMap" : [ "EnvironmentToKeyName", { "Ref" : "Environment" }, "KeyName" ] }, "ImageId" : { "Fn::FindInMap" : [ "AWSRegionToAMI", { "Ref" : "AWS::Region" }, "AMI" ] }, "SecurityGroups" : [ "neat_spi" ], "InstanceType" : { "Ref" : "InstanceType" },

Why won't my CloudFormation script download a file?

≡放荡痞女 submitted on 2019-12-12 16:35:22
Question: I need to download a file during the initialisation of my Windows instance. To test this, I'm using the following script to download the Google logo (using a simplified version of the Windows Roles and Features template): { "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "Test download.", "Resources" : { "InstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable RDP", "SecurityGroupIngress" : [ {"IpProtocol" : "tcp", "FromPort" :

Updating custom resources causes them to be deleted?

匆匆过客 submitted on 2019-12-12 14:28:00
Question: When using CloudFormation templates, I find the "Custom Resource" feature, with its Lambda backing function implementation, very useful to handle all kinds of tasks that CloudFormation does not provide good support for. Usually, I use custom resources to set up things during stack creation (such as looking up AMI names) or clean up things during deletion (such as removing objects from S3 or Route53 that would block deletion) - and this works great. But when I try to actually use a "custom

Amazon AWS SQS - Apply QueuePolicy to existing Queue

。_饼干妹妹 submitted on 2019-12-12 14:26:33
Question: If I am creating an SQS Queue via CloudFormation, are you able to attach a second QueuePolicy after the SQS Queue has been created? If I run the following config: Resources: SQSQueue: Properties: QueueName: !Ref SQSQueuename Type: 'AWS::SQS::Queue' QueuePolicy: Type: 'AWS::SQS::QueuePolicy' Properties: PolicyDocument: Id: !Ref SQSQueuename Statement: - Sid: QueuePolicy2-SendMessage-To-Queue-From-SNS-Topic Effect: Allow Principal: AWS: !Ref AccountID Action: - 'sqs:*' Resource: 'arn:aws

Defining Tables, Views, and Indexes in AWS CloudFormation

做~自己de王妃 submitted on 2019-12-12 13:13:28
Question: In AWS CloudFormation, you can define a stack of services with a JSON/YAML template. In particular, I am using Redshift and Aurora clusters. The template allows you to define administrative properties of the cluster, but there doesn't seem to be a clear way to define tables, views, and indexes in the cluster such that when I push updates of the stack, the DBs automatically update the schema as needed, similar to the way it manages updates to full stacks. Is there a way to manage the schema of

Describe AWS API Gateway Body Mapping Templates in CloudFormation

旧巷老猫 submitted on 2019-12-12 11:33:16
Question: I looked through the documentation but didn't find a way to do this. I have an API Gateway method that has a Body Mapping Template, as in the picture attached. How do I map this template in CloudFormation? (I'm using JSON). I added "PassthroughBehavior": "WHEN_NO_TEMPLATES", but haven't found a way to add the Content-Type mapping. Thank you. Answer 1: You can do this as part of the RequestTemplates property described here. It should look something like this: "APIMethodGet": { "Type": "AWS:

Add a parameterized list of security groups to another security group's ingress

淺唱寂寞╮ submitted on 2019-12-12 10:21:41
Question: I'd like to create a CloudFormation template that creates a security group resource that allows ingress from a variable list of other security groups. The template would take a parameter of type List<AWS::EC2::SecurityGroup::Id>. I'll name this parameter SourceSecurityGroupIds for this example. Then, it would create a security group resource using something like: { "LogServerSecurityGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "XYZ security group", "VpcId"

Is there a way to tag a root volume when initializing from the cloudformation template?

淺唱寂寞╮ submitted on 2019-12-12 07:45:12
Question: I am creating an instance through the cloud formation script. The only way I found to attach an OS partition was through the "BlockDeviceMappings" property. (I've tried to use the "Volumes" property before, but the instance could not be mounted, the system told me that /dev/sda was already mapped and rolled back the instance creation.) Here is the relevant portion of my template: "Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "BlockDeviceMappings" : [{ "DeviceName" :