Using pseudo parameters in AWS CDK
AWS CloudFormation has a feature called pseudo parameters.
- AWS Account ID
- Stack Notification ARNs
- CloudFormation Stack Name
- etc…
How to get pseudo parameters
In AWS CDK, these pseudo parameters are available from the ScopedAws class.
Accessor for scoped pseudo parameters.
These pseudo parameters are anchored to a stack somewhere in the construct tree, and their values will be exported automatically.
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.ScopedAws.html
Usage
import { Stack, Construct, ScopedAws, StackProps } from '@aws-cdk/core';

export class DeployToS3Stack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);
    // Pseudo parameters anchored to this stack
    const {
      accountId,
      notificationArns,
      stackId,
      stackName,
      urlSuffix,
    } = new ScopedAws(this);
    // ...
  }
}
Example: IAM Policy statement
The sample below gets the stack name, region, and account ID and uses them.
import { Stack, Construct, ScopedAws, StackProps } from '@aws-cdk/core';
import { ManagedPolicy, PolicyStatement, ServicePrincipal, Role } from '@aws-cdk/aws-iam';

export class DeployToS3Stack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);
    // Pseudo parameters anchored to this stack
    const {
      accountId,
      stackName,
      region,
    } = new ScopedAws(this);
    // Role assumed by Lambda; the stack itself is the scope
    const LambdaRole = new Role(this, 'LambdaRole', {
      roleName: `${stackName}LambdaRole`,
      managedPolicies: [
        ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole'),
        new ManagedPolicy(this, 'LambdaManagedPolicy', {
          managedPolicyName: `${stackName}LambdaManagedPolicy`,
          statements: [
            new PolicyStatement({
              actions: [
                'codebuild:StartBuild',
                'codebuild:BatchGetBuilds',
              ],
              // Matches every CodeBuild project in this account and region
              resources: [
                `arn:aws:codebuild:${region}:${accountId}:project/*`,
              ],
            }),
          ],
        }),
      ],
      assumedBy: new ServicePrincipal('lambda.amazonaws.com'),
      path: '/',
    });
  }
}
Here is the CloudFormation template generated by cdk synth.
LambdaManagedPolicy526313B2:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    PolicyDocument:
      Statement:
        - Action:
            - codebuild:StartBuild
            - codebuild:BatchGetBuilds
          Effect: Allow
          Resource:
            Fn::Join:
              - ""
              - - "arn:aws:codebuild:"
                - Ref: AWS::Region
                - ":"
                - Ref: AWS::AccountId
                - :project/*
      Version: "2012-10-17"
    ManagedPolicyName:
      Fn::Join:
        - ""
        - - Ref: AWS::StackName
          - LambdaManagedPolicy
    Path: /
  Metadata:
    aws:cdk:path: ExampleProject/LambdaManagedPolicy/Resource
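
The synthesized template keeps the pseudo parameters as Ref and Fn::Join intrinsics that CloudFormation resolves at deploy time. The following is an added example, not part of the original post or of AWS CDK: it resolves them with constructed sample values and lists IAM resources that end in a wildcard, such as the project/* ARN above. The helper names and the region and account values are assumptions.

```typescript
// Added example: resolve pseudo parameters in a synthesized template fragment.
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Constructed sample values; CloudFormation supplies the real ones at deploy time.
const pseudo: Record<string, string> = {
  'AWS::Region': 'ap-northeast-1', 'AWS::AccountId': '123456789012', 'AWS::StackName': 'ExampleProject',
};

// Turn { Ref: <pseudo parameter> } and { 'Fn::Join': [sep, parts] } into strings.
function resolvePseudo(node: Json, params: Record<string, string>): Json {
  if (Array.isArray(node)) return node.map((n) => resolvePseudo(n, params));
  if (node === null || typeof node !== 'object') return node;
  const keys = Object.keys(node);
  const ref = node['Ref'], join = node['Fn::Join'];
  if (keys.length === 1 && typeof ref === 'string') return params[ref] ?? node; // logical-ID refs stay
  if (keys.length === 1 && Array.isArray(join)) {
    const [sep, parts] = join as [string, Json[]];
    const done = parts.map((p) => resolvePseudo(p, params));
    return done.every((p) => typeof p === 'string') ? done.join(sep) : node; // join only if fully resolved
  }
  const out: { [key: string]: Json } = {};
  for (const [k, v] of Object.entries(node)) out[k] = resolvePseudo(v, params);
  return out;
}

// Collect every string under a "Resource" key that ends in "*" (expects a resolved template).
function wildcardResources(node: Json, found: string[] = []): string[] {
  if (Array.isArray(node)) node.forEach((n) => wildcardResources(n, found));
  else if (node !== null && typeof node === 'object')
    for (const [k, v] of Object.entries(node)) {
      const list = k === 'Resource' ? (Array.isArray(v) ? v : [v]) : [];
      for (const r of list) if (typeof r === 'string' && r.endsWith('*')) found.push(r);
      wildcardResources(v, found);
    }
  return found;
}

// Constructed input: the synthesized policy shown above, written as a JSON object.
const synthesized: Json = { LambdaManagedPolicy526313B2: { Type: 'AWS::IAM::ManagedPolicy', Properties: {
  PolicyDocument: { Version: '2012-10-17', Statement: [{
    Action: ['codebuild:StartBuild', 'codebuild:BatchGetBuilds'], Effect: 'Allow',
    Resource: { 'Fn::Join': ['', ['arn:aws:codebuild:', { Ref: 'AWS::Region' }, ':',
      { Ref: 'AWS::AccountId' }, ':project/*']] } }] },
  ManagedPolicyName: { 'Fn::Join': ['', [{ Ref: 'AWS::StackName' }, 'LambdaManagedPolicy']] },
} } };

const resolved = resolvePseudo(synthesized, pseudo);
console.log(JSON.stringify(resolved, null, 2), wildcardResources(resolved));
```

Replacing the trailing * in the CDK source with a specific project name narrows the statement to that project, and the check then returns an empty list.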