问题
In AWS CloudFormation, you can specify a template by uploading a template file or by specifying a S3 URL to a template. (Specify an Amazon S3 template URL)
If the bucket is public, you can construct a URL for anyone to access the object/template. This works fine as long as the S3 template URL is a simple URL:
https://s3.amazonaws.com/public-bucket/unsigned.template
But if the bucket is private, you can generate a signed S3 URL if you want to share an object to others. I am given a URL that is a signed S3 URL for a template in a private bucket:
https://s3.amazonaws.com/private-bucket/signed.template?Signature=Cs6sqUABadcfZAuFu5FSMWAQ%3D&Expires=1459636414&AWSAccessKeyId=AKIAJ23456AXIOUBCNQ
Unfortunately CF is not honoring the signed URL and strips everything after .template. Due to this I get Access Denied error. Does anyone know a way to specify a signed S3 URL as a template in CloudFormation?
回答1:
AWS finally acknowledged that it is a bug in CloudFormation and they are working on a fix. No ETA on that yet.
回答2:
It seems that you can only use a URL you have access to (signed URLs are note enough). But if you are willing to use the aws cli, you could also use curl to get the contents of the template and create the stack using --template-body
$ aws cloudformation create-stack --template-body "$(curl -s '<signed url>')" --stack-name test --parameters ParameterKey=string,ParameterValue=string
If you are scripting, save the template to a temporary file and then pass it to template-body
来源:https://stackoverflow.com/questions/35784849/how-can-i-specify-a-signed-s3-url-as-template-in-cloudformation