CloudFormation Elasticsearch 服务 - 同一资源上的资源之间的循环依赖
CloudFormation Elasticsearch Service - Circular dependency between resources on same resource
提前致谢!
我一直被这个问题困扰很久,找不到解决办法...
基本上我想在我的 elasticsearch 服务上实施相同的访问策略,但是当我尝试在 cloudformation 中重新创建它时,我收到一个循环依赖错误。我知道是什么导致了错误 Fn::GetAtt' s 引用弹性搜索 DomainArn。
所以我的问题是如何在不必引用我的 elk 域 arn 的情况下实施此声明?
模板包含错误。:资源之间的循环依赖:[XXXXXX]
"XXXXXX": {
"Type": "AWS::Elasticsearch::Domain",
"Properties": {
"AccessPolicies": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": ["myuser", "Arn"]
}
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
}
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
},
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"xx.xx.xx.xx",
"xx.xx.xx.xx"
]
}
}
}
]
},
"DomainName": "XXXXXX",
"EBSOptions": {
"EBSEnabled": "True",
"VolumeSize": 10,
"VolumeType": "gp2"
},
"ElasticsearchClusterConfig": {
"InstanceCount": 1,
"InstanceType": "t2.small.elasticsearch"
},
"ElasticsearchVersion": "5.1",
"SnapshotOptions": {
"AutomatedSnapshotStartHour": 0
},
"Tags": {
"Key": "name",
"Value": "XXXXXX"
}
}
},
不使用 Fn::GetAtt 检索域 ARN,而是使用 Fn:Sub 使用规则构建 ARN here(向下滚动到 "Use the following syntax to specify domain resources for Amazon ES")。
{ "Fn::Sub":"arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/XXXXXX" }
提前致谢!
我一直被这个问题困扰很久,找不到解决办法...
基本上我想在我的 elasticsearch 服务上实施相同的访问策略,但是当我尝试在 cloudformation 中重新创建它时,我收到一个循环依赖错误。我知道是什么导致了错误 Fn::GetAtt' s 引用弹性搜索 DomainArn。
所以我的问题是如何在不必引用我的 elk 域 arn 的情况下实施此声明?
模板包含错误。:资源之间的循环依赖:[XXXXXX]
"XXXXXX": {
"Type": "AWS::Elasticsearch::Domain",
"Properties": {
"AccessPolicies": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::GetAtt": ["myuser", "Arn"]
}
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
}
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "es:*",
"Resource": {
"Fn::GetAtt": ["XXXXXX", "DomainArn"]
},
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"xx.xx.xx.xx",
"xx.xx.xx.xx"
]
}
}
}
]
},
"DomainName": "XXXXXX",
"EBSOptions": {
"EBSEnabled": "True",
"VolumeSize": 10,
"VolumeType": "gp2"
},
"ElasticsearchClusterConfig": {
"InstanceCount": 1,
"InstanceType": "t2.small.elasticsearch"
},
"ElasticsearchVersion": "5.1",
"SnapshotOptions": {
"AutomatedSnapshotStartHour": 0
},
"Tags": {
"Key": "name",
"Value": "XXXXXX"
}
}
},
不使用 Fn::GetAtt 检索域 ARN,而是使用 Fn:Sub 使用规则构建 ARN here(向下滚动到 "Use the following syntax to specify domain resources for Amazon ES")。
{ "Fn::Sub":"arn:aws:es:${AWS::Region}:${AWS::AccountId}:domain/XXXXXX" }