Condition 属性 - AWS CloudFormation
示例使用多个条件在条件中使用 AWS::AccountId

这是新的《AWS CloudFormation 模板参考指南》。请更新您的书签和链接。有关开始使用 CloudFormation 的帮助,请参阅《AWS CloudFormation 用户指南》https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html

Condition 属性

要在 CloudFormation 中基于条件创建资源,首先需在模板的 Conditions 中声明条件。然后,在资源上使用 Condition 密钥以及条件的逻辑 ID 作为属性。仅当 条件评估为 true 时,CloudFormation 才会创建 资源。这样,您就可以根据模板中定义的特定标准或参数来控制资源的创建。

如果您是首次在模板中使用条件,建议您先查看《AWS CloudFormation 用户指南》中有关 CloudFormation 模板条件语法的内容。

注意

如果未创建带有条件的资源,那么所有依赖于该资源的资源也不会创建,无论它们自身的条件如何。

示例

以下模板包含一个具有 Condition 属性的 Amazon S3 存储桶字段。只有在 CreateBucket 条件评估为 true 时才会创建存储桶。

JSON

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Parameters" : {
      "EnvType" : {
         "Type" : "String",
         "AllowedValues" : ["prod", "dev"],
         "Default" : "dev",
         "Description" : "Environment type"
      }
   },
   "Conditions" : {
      "CreateBucket" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]}
   },
   "Resources" : {
      "MyBucket" : {
         "Type" : "AWS::S3::Bucket",
         "Condition" : "CreateBucket",
         "Properties" : {
            "BucketName" : {"Fn::Join" : ["-", ["mybucket", {"Ref" : "EnvType"}]]}
         }
      }
   }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Type: String
    AllowedValues:
      - prod
      - dev
    Default: dev
    Description: Environment type
Conditions:
  CreateBucket: !Equals [!Ref EnvType, prod]
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Condition: CreateBucket
    Properties:
      BucketName: !Sub mybucket-${EnvType}

使用多个条件

您可以使用内置函数(如 Fn::AndFn::OrFn::Not)组合多个条件,以创建更复杂的条件逻辑。

JSON

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Parameters" : {
      "EnvType" : {
         "Type" : "String",
         "AllowedValues" : ["prod", "test", "dev"],
         "Default" : "dev",
         "Description" : "Environment type"
      },
      "CreateResources" : {
         "Type" : "String",
         "AllowedValues" : ["true", "false"],
         "Default" : "true",
         "Description" : "Create resources flag"
      }
   },
   "Conditions" : {
      "IsProd" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]},
      "IsTest" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "test"]},
      "CreateResourcesFlag" : {"Fn::Equals" : [{"Ref" : "CreateResources"}, "true"]},
      "CreateProdResources" : {"Fn::And" : [{"Condition" : "IsProd"}, {"Condition" : "CreateResourcesFlag"}]},
      "CreateTestOrDevResources" : {"Fn::And" : [{"Fn::Or" : [{"Condition" : "IsTest"}, {"Fn::Not" : [{"Condition" : "IsProd"}]}]}, {"Condition" : "CreateResourcesFlag"}]}
   },
   "Resources" : {
      "ProdBucket" : {
         "Type" : "AWS::S3::Bucket",
         "Condition" : "CreateProdResources",
         "Properties" : {
            "BucketName" : {"Fn::Join" : ["-", ["prod-bucket", {"Ref" : "AWS::StackName"}]]}
         }
      },
      "TestDevBucket" : {
         "Type" : "AWS::S3::Bucket",
         "Condition" : "CreateTestOrDevResources",
         "Properties" : {
            "BucketName" : {"Fn::Join" : ["-", [{"Ref" : "EnvType"}, "bucket", {"Ref" : "AWS::StackName"}]]}
         }
      }
   }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Type: String
    AllowedValues:
      - prod
      - test
      - dev
    Default: dev
    Description: Environment type
  CreateResources:
    Type: String
    AllowedValues:
      - 'true'
      - 'false'
    Default: 'true'
    Description: Create resources flag
Conditions:
  IsProd: !Equals [!Ref EnvType, prod]
  IsTest: !Equals [!Ref EnvType, test]
  CreateResourcesFlag: !Equals [!Ref CreateResources, 'true']
  CreateProdResources: !And
    - !Condition IsProd
    - !Condition CreateResourcesFlag
  CreateTestOrDevResources: !And
    - !Or
      - !Condition IsTest
      - !Not [!Condition IsProd]
    - !Condition CreateResourcesFlag
Resources:
  ProdBucket:
    Type: AWS::S3::Bucket
    Condition: CreateProdResources
    Properties:
      BucketName: !Sub prod-bucket-${AWS::StackName}
  TestDevBucket:
    Type: AWS::S3::Bucket
    Condition: CreateTestOrDevResources
    Properties:
      BucketName: !Sub ${EnvType}-bucket-${AWS::StackName}

在条件中使用 AWS::AccountId

您可以在条件中使用 AWS::AccountId 等伪参数,根据堆栈部署所在的 AWS 账户 来创建资源。这适用于多账户部署场景,或者需要排除特定账户,不让其获取某些资源时。有关伪参数的更多信息,请参阅《AWS CloudFormation 用户指南》中的使用伪参数获取 AWS 值

JSON

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Conditions" : {
      "ExcludeAccount1" : {"Fn::Not" : [{"Fn::Equals" : [{"Ref" : "AWS::AccountId"}, "111111111111"]}]},
      "ExcludeAccount2" : {"Fn::Not" : [{"Fn::Equals" : [{"Ref" : "AWS::AccountId"}, "222222222222"]}]},
      "ExcludeBothAccounts" : {"Fn::And" : [{"Condition" : "ExcludeAccount1"}, {"Condition" : "ExcludeAccount2"}]}
   },
   "Resources" : {
      "StandardBucket" : {
         "Type" : "AWS::S3::Bucket",
         "Properties" : {
            "BucketName" : {"Fn::Join" : ["-", ["standard-bucket", {"Ref" : "AWS::StackName"}]]}
         }
      },
      "RestrictedResource" : {
         "Type" : "AWS::SNS::Topic",
         "Condition" : "ExcludeBothAccounts",
         "Properties" : {
            "TopicName" : {"Fn::Join" : ["-", ["restricted-topic", {"Ref" : "AWS::StackName"}]]}
         }
      }
   }
}

YAML

AWSTemplateFormatVersion: 2010-09-09
Conditions:
  ExcludeAccount1: !Not [!Equals [!Ref 'AWS::AccountId', '111111111111']]
  ExcludeAccount2: !Not [!Equals [!Ref 'AWS::AccountId', '222222222222']]
  ExcludeBothAccounts: !And
    - !Condition ExcludeAccount1
    - !Condition ExcludeAccount2
Resources:
  StandardBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub standard-bucket-${AWS::StackName}
  RestrictedResource:
    Type: AWS::SNS::Topic
    Condition: ExcludeBothAccounts
    Properties:
      TopicName: !Sub restricted-topic-${AWS::StackName}