如何从 cloudformation 模板中的参数文件传递 public 键?
How to pass public key from parameter file in cloudformation template?
我定义了以下 Cloudformation 模板,我想在其中传递参数文件中的 Public 键。 'MyPublicKey' 变量是字符串类型。我通过使用
来引用这个变量
EncodedKey !Ref MyPublicKey
在 PublicKeyConfig 下,如下所示。
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
MyPublicKey:
Type: String
Description: 'Public key for some purpose'
NoEcho: true
Resources:
CloudfrontPublicKey:
Type: AWS::CloudFront::PublicKey
Properties:
PublicKeyConfig:
CallerReference: 'some-caller-reference'
Comment: 'Public key for signed url'
Name: 'cloudfront-public-key'
EncodedKey: !Ref MyPublicKey
...
parameter.json 文件看起来像这样。 public 键在原始 .pem 文件中是多行的,但我在字符串中的换行符处添加了新行字符 '\n'。
[
{
"ParameterKey": "MyPublicKey",
"ParameterValue": "-----BEGIN PUBLIC KEY-----\naaaa\nbbbb\n-----END PUBLIC KEY-----"
},
]
尝试更新堆栈时,出现以下错误:
Invalid request provided: AWS::CloudFront::PublicKey
似乎无法导入 public 密钥。
根据评论,传递值时需要额外的 \n 字符,Ref 应替换为 Sub 函数以放置字符串。
Resources:
CloudfrontPublicKey:
Type: AWS::CloudFront::PublicKey
Properties:
PublicKeyConfig:
CallerReference: 'some-caller-reference'
Comment: 'Public key for signed url'
Name: 'cloudfront-public-key'
EncodedKey: !Sub "${MyPublicKey}"
下面是内联键示例:
生成密钥:
openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
Cloudformationt 模板:
AWSTemplateFormatVersion: "2010-09-09"
Resources:
CloudfrontPublicKey:
Type: AWS::CloudFront::PublicKey
Properties:
PublicKeyConfig:
CallerReference: 'some-caller-reference'
Comment: 'Public key for signed url'
Name: 'cloudfront-public-key'
EncodedKey: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN
lKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT
sZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh
MNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON
8BjcNloJE3NbLYshQPconb8pA+3jjkMF0QAH6rtc452G7CuS3KBfVQwWUeWE77kK
wQQir6YFvKP3pG8Ls55FxXBTCCNJl5LZcHt1D0cZmuoSLJj2mVzJgKGyLTdoIwAW
6QIDAQAB
-----END PUBLIC KEY-----
列表键:
aws cloudfront list-public-keys|jq .PublicKeyList.Items[1]
输出:
{
"Id": "08ZCTRKADSADASDAS",
"Name": "cloudfront-public-key",
"CreatedTime": "2021-02-27T10:25:43.076Z",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN\nlKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT\nsZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh\nMNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON\n8BjcNloJE3NbLYscZmuoSLJj2mVzJgKGyLTdoIwAW\n6QIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "Public key for signed url"
}
已回答。
我定义了以下 Cloudformation 模板,我想在其中传递参数文件中的 Public 键。 'MyPublicKey' 变量是字符串类型。我通过使用
来引用这个变量EncodedKey !Ref MyPublicKey
在 PublicKeyConfig 下,如下所示。
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
MyPublicKey:
Type: String
Description: 'Public key for some purpose'
NoEcho: true
Resources:
CloudfrontPublicKey:
Type: AWS::CloudFront::PublicKey
Properties:
PublicKeyConfig:
CallerReference: 'some-caller-reference'
Comment: 'Public key for signed url'
Name: 'cloudfront-public-key'
EncodedKey: !Ref MyPublicKey
...
parameter.json 文件看起来像这样。 public 键在原始 .pem 文件中是多行的,但我在字符串中的换行符处添加了新行字符 '\n'。
[
{
"ParameterKey": "MyPublicKey",
"ParameterValue": "-----BEGIN PUBLIC KEY-----\naaaa\nbbbb\n-----END PUBLIC KEY-----"
},
]
尝试更新堆栈时,出现以下错误:
Invalid request provided: AWS::CloudFront::PublicKey
似乎无法导入 public 密钥。
根据评论,传递值时需要额外的 \n 字符,Ref 应替换为 Sub 函数以放置字符串。
Resources:
CloudfrontPublicKey:
Type: AWS::CloudFront::PublicKey
Properties:
PublicKeyConfig:
CallerReference: 'some-caller-reference'
Comment: 'Public key for signed url'
Name: 'cloudfront-public-key'
EncodedKey: !Sub "${MyPublicKey}"
下面是内联键示例:
生成密钥:
openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem
Cloudformationt 模板:
AWSTemplateFormatVersion: "2010-09-09"
Resources:
CloudfrontPublicKey:
Type: AWS::CloudFront::PublicKey
Properties:
PublicKeyConfig:
CallerReference: 'some-caller-reference'
Comment: 'Public key for signed url'
Name: 'cloudfront-public-key'
EncodedKey: |
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN
lKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT
sZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh
MNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON
8BjcNloJE3NbLYshQPconb8pA+3jjkMF0QAH6rtc452G7CuS3KBfVQwWUeWE77kK
wQQir6YFvKP3pG8Ls55FxXBTCCNJl5LZcHt1D0cZmuoSLJj2mVzJgKGyLTdoIwAW
6QIDAQAB
-----END PUBLIC KEY-----
列表键:
aws cloudfront list-public-keys|jq .PublicKeyList.Items[1]
输出:
{
"Id": "08ZCTRKADSADASDAS",
"Name": "cloudfront-public-key",
"CreatedTime": "2021-02-27T10:25:43.076Z",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN\nlKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT\nsZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh\nMNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON\n8BjcNloJE3NbLYscZmuoSLJj2mVzJgKGyLTdoIwAW\n6QIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "Public key for signed url"
}