如何在 CloudFormation 中获取 SSM 文档的 ARN?
How to get the ARN of an SSM Document in CloudFormation?
我有一个创建 AWS::Events::Rule 和 AWS::SSM::Document 的 CloudFormation 模板。我需要为 SSM::Rule 提供 Targets 的列表,但每个目标都需要一个 ARN:
mySSMDocument:
Type: AWS::SSM::Document
Properties:
DocumentType: 'Command'
Content:
schemaVersion: '2.2'
description: "Code that will be run on EC2"
mainSteps:
- action: "aws:runShellScript"
name: runShellScript
inputs:
runCommand:
- 'Some command to execute'
myEventRule:
Type: AWS::Events::Rule
Properties:
Description: "A description for the Rule."
EventPattern:
source:
- "aws.autoscaling"
detail-type:
- "EC2 Instance-terminate Lifecycle Action"
detail:
AutoScalingGroupName:
- !Ref 'someAutoScalingGroupInThisTemplate'
RoleArn: 'some role ARN'
State: "ENABLED"
Targets:
- Id: "some-unique-id"
Arn: <-- This is the value that I need to fill in.
RunCommandParameters:
RunCommandTargets:
- Key: "tag: Name"
Values:
- 'The name of the EC2 machine'
我认为我需要将 <-- This is the value that I need to fill in. 替换为 mySSMDocument 的 ARN,但我看不出有任何方法可以从模板本身中检索此值。 The documentation 未在 SSM::Document 上指定允许获取 ARN 的任何 GetAtt 功能。有人知道如何解决这个问题吗?
这是文档的 ARN 模式
arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}
示例:
arn:aws:ssm:us-east-2:12345678912:document/demoooo
您可以使用 Ref 函数获取文档名称,然后 Sub 创建最终 ARN
!Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:document/${mySSMDocument}
你可以产生ARN format for AWS::SSM::Document using the return Value for AWS::SSM::Document, the Pseudo Parameters for Partition, Region, and AccountId, and the Sub intrinsic function
我有一个创建 AWS::Events::Rule 和 AWS::SSM::Document 的 CloudFormation 模板。我需要为 SSM::Rule 提供 Targets 的列表,但每个目标都需要一个 ARN:
mySSMDocument:
Type: AWS::SSM::Document
Properties:
DocumentType: 'Command'
Content:
schemaVersion: '2.2'
description: "Code that will be run on EC2"
mainSteps:
- action: "aws:runShellScript"
name: runShellScript
inputs:
runCommand:
- 'Some command to execute'
myEventRule:
Type: AWS::Events::Rule
Properties:
Description: "A description for the Rule."
EventPattern:
source:
- "aws.autoscaling"
detail-type:
- "EC2 Instance-terminate Lifecycle Action"
detail:
AutoScalingGroupName:
- !Ref 'someAutoScalingGroupInThisTemplate'
RoleArn: 'some role ARN'
State: "ENABLED"
Targets:
- Id: "some-unique-id"
Arn: <-- This is the value that I need to fill in.
RunCommandParameters:
RunCommandTargets:
- Key: "tag: Name"
Values:
- 'The name of the EC2 machine'
我认为我需要将 <-- This is the value that I need to fill in. 替换为 mySSMDocument 的 ARN,但我看不出有任何方法可以从模板本身中检索此值。 The documentation 未在 SSM::Document 上指定允许获取 ARN 的任何 GetAtt 功能。有人知道如何解决这个问题吗?
这是文档的 ARN 模式
arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}
示例:
arn:aws:ssm:us-east-2:12345678912:document/demoooo
您可以使用 Ref 函数获取文档名称,然后 Sub 创建最终 ARN
!Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:document/${mySSMDocument}
你可以产生ARN format for AWS::SSM::Document using the return Value for AWS::SSM::Document, the Pseudo Parameters for Partition, Region, and AccountId, and the Sub intrinsic function