5

我正在尝试通过 SSM(系统管理器- https://docs.aws.amazon.com/systems-manager/latest 访问在秘密管理器( https://aws.amazon.com/secrets-manager/ )创建的秘密/userguide/systems-manager-parameter-store.html ) 即 AWS 参数存储,并将其存储在 serverless.yml 文件中的自定义 YAML 变量中?我正在尝试通过无服务器框架(https://serverless.com/)实现云形成,并且我正在尝试在云形成中实现嵌套的 if 语句,以便使用下面的代码实现上述功能。

 stage: &stage 'dev' #Hardcoded for now
 rdsMasterPassword:
 !If
  - !Equals [*stage,"prod"]
  - ${ssm:/aws/reference/secretsmanager/cred-prod~true:rdsMasterPassword}
  - !If 
      - !Equals [*stage,"staging"]
      - ${ssm:/aws/reference/secretsmanager/cred-staging~true:rdsMasterPassword}
      - ${ssm:/aws/reference/secretsmanager/cred-dev~true:rdsMasterPassword}

我已经尝试过云形成内在函数 Fn::If 为此但面临这个错误: Fn::If requires a list argument with the first element being a condition

4

2 回答 2

1

只想指出,如果您希望根据环境加载不同的 SSM 路径,您可以通过多种方式实现,此处概述

例如,我在通过 json 文件加载时度过了愉快的时光

-- serverless-staging.json --
{
  "ssm_path": "/path/to/staging/ssm/parameter"
}

-- serverless-prod.json --
{
  "ssm_path": "/path/to/prod/ssm/parameter"
}

-- serverless.yml --
...
stage: ${opt:stage, 'dev'}
environment:
  SSM_PATH: ${file(serverless-${self:provider.stage}.json):ssm_path}
... etc etc

希望这可以帮助其他从搜索中登陆的人

于 2019-12-05T22:01:25.173 回答
1

由于 YAML 的限制,不能对一系列内在函数使用快捷语法。

请参阅文档中的“重要”部分以供参考。

尝试这个:

stage: &stage 'dev' #Hardcoded for now
rdsMasterPassword:
  Fn::If:
    - Fn::Equals: [*stage, "prod"]
    - ${ssm:/aws/reference/secretsmanager/cred-prod~true:rdsMasterPassword}
    - Fn::If: 
      - Fn::Equals: [*stage, "staging"]
      - ${ssm:/aws/reference/secretsmanager/cred-staging~true:rdsMasterPassword}
      - ${ssm:/aws/reference/secretsmanager/cred-dev~true:rdsMasterPassword}
于 2021-08-06T15:12:48.970 回答