AWS:Cloudformation 脚本根据条件为 CloudTrail 创建 S3 存储桶

AWS: Cloudformation script create S3 bucket for CloudTrail based on conditionals

我正在尝试创建一个将启用 CloudTrail 的 CloudFormation 脚本,并让用户可以选择创建新的 S3 存储桶并使用它,或者使用当前现有的 S3 存储桶。我是 AWS 的新手,所以我有点迷路。这是我采用和修改的一些代码,到目前为止没有添加条件等。

{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "CloudTrail",
"Parameters" : {
    "UseExisitingBucket" : {
        "Description" : "Yes/No",
        "Default" : "Yes",
        "Type" :  "String",
        "AllowedValues" : [ "yes", "no"]
    },
    "BucketName" : {
        "Description" : "Name of the S3 bucket.",
        "Type" : "String"
    },
    "TopicName" : {
        "Description" : "Name of the SNS topic.",
        "Type" : "String",
        "Default" : ""
    },
    "IncludeGlobalServiceEvents" : {
        "Description" : "Indicates whether the trail is publishing events from global services, such as IAM, to the log files.",
        "Type" : "String",
        "Default" : "false",
        "AllowedValues" : [
            "true",
            "false"
        ]
    }
},
"Conditions" : {
    "UseSNSTopic" : {
        "Fn::Not" : [
            {
                "Fn::Equals" : [
                    {
                        "Ref" : "TopicName"
                    },
                    ""
                ]
            }
        ]
    }
},
"Resources" : {
    "Trail" : {
        "Type" : "AWS::CloudTrail::Trail",
        "Properties" : {
            "IncludeGlobalServiceEvents" : {
                "Ref" : "IncludeGlobalServiceEvents"
            },
            "S3BucketName" : {
                "Ref" : "BucketName"
            },
            "SnsTopicName" : {
                "Fn::If" : [
                    "UseSNSTopic",
                    {
                        "Ref" : "TopicName"
                    },
                    {
                        "Ref" : "AWS::NoValue"
                    }
                ]
            },
            "IsLogging" : true
        }
    }
}

}

你非常接近,我建议删除 UseExisitingBucket 参数。然后将 Default 添加到 BucketName,这样它看起来像这样:

"ExistingBucketName" : {
    "Description" : "Name of the S3 bucket.",
    "Type" : "String",
    "Default": "None"
},

添加几个条件来检查是否提供了存储桶或者您是否需要创建新存储桶:

"Conditions": {
    "CreateNewBucket": {
        "Fn::Equals": [
            {
                "Ref": "ExistingBucketName"
            },
            "None"
        ]
    },
    "UseExistingBucket": {
        "Fn::Not": [
            {
                "Fn::Equals": [
                    {
                        "Ref": "ExistingBucketName"
                    },
                    "None"
                ]                
            } 
        ]
    }
}

然后根据上述条件创建 S3 Bucket 资源,例如:

"S3Bucket": {
    "Condition": "CreateNewBucket",
    ...
    ...

}

添加 2 个 cloudtrail 资源,一个具有 "CreateNewBucket" 条件并传递 "S3Bucket" 资源,另一个具有 "UseExistingBucket" 并传递 "ExistingBucketName"