I am trying to create a CloudFormation template that enables CloudTrail and gives the user the option either to create a new S3 bucket and use it, or to use an existing S3 bucket. I am new to AWS, so I am a bit lost. Here is some code I have taken and modified; so far it has no conditions or anything like that added.

{
    "AWSTemplateFormatVersion" : "2010-09-09",
    "Description" : "CloudTrail",
    "Parameters" : {
        "UseExisitingBucket" : {
            "Description" : "Yes/No",
            "Default" : "yes",
            "Type" : "String",
            "AllowedValues" : [ "yes", "no" ]
        },
        "BucketName" : {
            "Description" : "Name of the S3 bucket.",
            "Type" : "String"
        },
        "TopicName" : {
            "Description" : "Name of the SNS topic.",
            "Type" : "String",
            "Default" : ""
        },
        "IncludeGlobalServiceEvents" : {
            "Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.",
            "Type" : "String",
            "Default" : "false",
            "AllowedValues" : [ "true", "false" ]
        }
    },
    "Conditions" : {
        "UseSNSTopic" : {
            "Fn::Not" : [
                { "Fn::Equals" : [ { "Ref" : "TopicName" }, "" ] }
            ]
        }
    },
    "Resources" : {
        "Trail" : {
            "Type" : "AWS::CloudTrail::Trail",
            "Properties" : {
                "IncludeGlobalServiceEvents" : { "Ref" : "IncludeGlobalServiceEvents" },
                "S3BucketName" : { "Ref" : "BucketName" },
                "SnsTopicName" : {
                    "Fn::If" : [
                        "UseSNSTopic",
                        { "Ref" : "TopicName" },
                        { "Ref" : "AWS::NoValue" }
                    ]
                },
                "IsLogging" : true
            }
        }
    }
}

1 Answer

You are very close. I would suggest removing the UseExisitingBucket parameter, then adding DefaultBucketName, which would look like this:

"ExistingBucketName" : {
    "Description" : "Name of the S3 bucket.",
    "Type" : "String",
    "Default": "None"
},

Add a couple of conditions to check whether a bucket was supplied or a new one needs to be created:

"Conditions": {
    "CreateNewBucket": {
        "Fn::Equals": [
            {
                "Ref": "ExistingBucketName"
            },
            "None"
        ]
    },
    "UseExistingBucket": {
        "Fn::Not": [
            {
                "Fn::Equals": [
                    {
                        "Ref": "ExistingBucketName"
                    },
                    "None"
                ]
            }
        ]
    }
}

Then create the S3 bucket resource with the condition above, for example:

"S3Bucket": {
    "Condition": "CreateNewBucket",
    ...
    ...

}

Add two CloudTrail resources: one with the "CreateNewBucket" condition that passes the "S3Bucket" resource, and another with "UseExistingBucket" that passes "ExistingBucketName".

answered 2017-04-11T17:29:56.767
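Putting the answer's pieces together, the following is a complete template in the shape it describes. It is an added example written for this page, not code from the asker or the answerer. It keeps the answer's parameter and condition names (ExistingBucketName, CreateNewBucket, UseExistingBucket) and the question's TopicName/UseSNSTopic handling, uses the YAML form of the template language for brevity, and fills in what the answer elides: the bucket resource itself, the bucket policy CloudTrail requires before it will deliver logs, and a DependsOn so the trail is not created before that policy exists. The resource names TrailBucket, TrailBucketPolicy, TrailNewBucket and TrailExistingBucket, the bucket hardening settings (default encryption, public access block, versioning, DeletionPolicy Retain) and EnableLogFileValidation are additions of this example and are not in the question or answer.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudTrail with a new or existing log bucket (added example, not from the original post)

Parameters:
  ExistingBucketName:
    Description: Existing S3 bucket that already carries a CloudTrail bucket policy. Keep "None" to create a new bucket.
    Type: String
    Default: 'None'
  TopicName:
    Description: Optional SNS topic name for log-delivery notifications; empty means no topic.
    Type: String
    Default: ''
  IncludeGlobalServiceEvents:
    Description: Publish events from global services such as IAM.
    Type: String
    Default: 'true'
    AllowedValues: ['true', 'false']

Conditions:
  CreateNewBucket: !Equals [!Ref ExistingBucketName, 'None']
  UseExistingBucket: !Not [!Equals [!Ref ExistingBucketName, 'None']]
  UseSNSTopic: !Not [!Equals [!Ref TopicName, '']]

Resources:
  # Created only when no existing bucket is supplied. Hardening settings are this example's additions.
  TrailBucket:
    Type: AWS::S3::Bucket
    Condition: CreateNewBucket
    DeletionPolicy: Retain           # keep the audit log even if the stack is deleted
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled

  # CloudTrail will not deliver until the bucket grants it GetBucketAcl and PutObject
  # (with the bucket-owner-full-control ACL) on the AWSLogs/<account>/ prefix.
  TrailBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Condition: CreateNewBucket
    Properties:
      Bucket: !Ref TrailBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AWSCloudTrailAclCheck
            Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:GetBucketAcl
            Resource: !GetAtt TrailBucket.Arn
          - Sid: AWSCloudTrailWrite
            Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:PutObject
            Resource: !Sub '${TrailBucket.Arn}/AWSLogs/${AWS::AccountId}/*'
            Condition:
              StringEquals:
                s3:x-amz-acl: bucket-owner-full-control

  # Two trail resources, one per branch, as the answer describes; the conditions are
  # mutually exclusive, so exactly one of them exists in any stack.
  TrailNewBucket:
    Type: AWS::CloudTrail::Trail
    Condition: CreateNewBucket
    DependsOn: TrailBucketPolicy     # otherwise the trail may be created before the policy and fail
    Properties:
      IsLogging: true
      IncludeGlobalServiceEvents: !Ref IncludeGlobalServiceEvents
      S3BucketName: !Ref TrailBucket
      SnsTopicName: !If [UseSNSTopic, !Ref TopicName, !Ref 'AWS::NoValue']
      EnableLogFileValidation: true  # signed digest files let you detect tampered or deleted logs

  TrailExistingBucket:
    Type: AWS::CloudTrail::Trail
    Condition: UseExistingBucket
    Properties:
      IsLogging: true
      IncludeGlobalServiceEvents: !Ref IncludeGlobalServiceEvents
      S3BucketName: !Ref ExistingBucketName
      SnsTopicName: !If [UseSNSTopic, !Ref TopicName, !Ref 'AWS::NoValue']
      EnableLogFileValidation: true

Outputs:
  LogBucket:
    Description: Bucket receiving the CloudTrail logs
    Value: !If [CreateNewBucket, !Ref TrailBucket, !Ref ExistingBucketName]
```

Deploy with the default ExistingBucketName to get a new bucket, or pass the name of an existing one. In the existing-bucket case the template cannot attach a policy to a bucket it does not own, so that bucket must already grant cloudtrail.amazonaws.com the same GetBucketAcl and PutObject permissions, or stack creation fails with a bucket policy error. Because both conditions compare against the literal 'None', a real bucket that happens to be named None cannot be used; pick a different sentinel if that matters.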