Using pseudo parameters in AWS CDK


    AWS CloudFormation has a feature called pseudo parameters.

    • AWS Account ID
    • Stack Notification ARNs
    • CloudFormation Stack Name
    • etc…

    How to get pseudo parameters

    In AWS CDK, these pseudo parameters can be obtained from the ScopedAws class.

    Accessor for scoped pseudo parameters.

    These pseudo parameters are anchored to a stack somewhere in the construct tree, and their values will be exported automatically.

    https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.ScopedAws.html

    Usage

    import { Stack, Construct, ScopedAws, StackProps } from '@aws-cdk/core';
    
    export class DeployToS3Stack extends Stack {
      constructor(scope: Construct, id: string, props: StackProps) {
        super(scope, id, props);
    
        const {
          accountId,
          notificationArns,
          stackId,
          stackName,
          urlSuffix,
        } = new ScopedAws(this);
        // ...
      }
    }

    Example: IAM Policy statement

    The sample below retrieves the stack name, region, and account ID and uses them.

    import { Stack, Construct, ScopedAws, StackProps } from '@aws-cdk/core';
    import { ManagedPolicy, PolicyStatement, ServicePrincipal, Role } from "@aws-cdk/aws-iam"
    
    export class DeployToS3Stack extends Stack {
      constructor(scope: Construct, id: string, props: StackProps) {
        super(scope, id, props);
    
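        // ScopedAws returns tokens, not literal strings; they synthesize to
        // Ref: AWS::AccountId / AWS::StackName / AWS::Region and are resolved at deploy time.
        const {
          accountId,
          stackName,
          region,
        } = new ScopedAws(this)
    
        const LambdaRole = new Role(this, 'LambdaRole', {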
          roleName: `${stackName}LambdaRole`,
          managedPolicies: [
            ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole'),
            new ManagedPolicy(this, `LambdaManagedPolicy`, {
              managedPolicyName: `${stackName}LambdaManagedPolicy`,
              statements: [
                new PolicyStatement({
                  actions: [
                    'codebuild:StartBuild',
                    'codebuild:BatchGetBuilds'
                  ],
                  resources: [
                    `arn:aws:codebuild:${region}:${accountId}:project/*`
                  ]
                })
              ]
            })
          ],
          assumedBy: new ServicePrincipal("lambda.amazonaws.com"),
          path: '/'
        })
      }
    }

    Here is the CloudFormation template generated by cdk synth.

    
      LambdaManagedPolicy526313B2:
        Type: AWS::IAM::ManagedPolicy
        Properties:
          PolicyDocument:
            Statement:
              - Action:
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuilds
                Effect: Allow
                Resource:
                  Fn::Join:
                    - ""
                    - - "arn:aws:codebuild:"
                      - Ref: AWS::Region
                      - ":"
                      - Ref: AWS::AccountId
                      - :project/*
            Version: "2012-10-17"
          ManagedPolicyName:
            Fn::Join:
              - ""
              - - Ref: AWS::StackName
                - LambdaManagedPolicy
          Path: /
        Metadata:
          aws:cdk:path: ExampleProject/LambdaManagedPolicy/Resource
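
The template above can be reviewed before deployment by resolving its intrinsics with sample values and checking how tightly the resulting ARN is scoped. This is an added example, not code from the original post: `resolveIntrinsic`, `arnScope`, and the values in `samplePseudo` are hypothetical names and constructed placeholders, and only the `Ref` and `Fn::Join` forms shown above are handled.

```typescript
// Added example: resolve the intrinsics CDK emits for pseudo parameters,
// then report how tightly the resulting ARN is scoped.
type Intrinsic = string | { Ref: string } | { "Fn::Join": [string, Intrinsic[]] };

// Constructed deploy-time values; the account ID is a placeholder.
const samplePseudo: Record<string, string> = {
  "AWS::Region": "ap-northeast-1",
  "AWS::AccountId": "123456789012",
  "AWS::StackName": "ExampleProject",
};

// Resource and ManagedPolicyName as they appear in the synthesized template.
const policyResource: Intrinsic = {
  "Fn::Join": ["", ["arn:aws:codebuild:", { Ref: "AWS::Region" }, ":",
                    { Ref: "AWS::AccountId" }, ":project/*"]],
};
const policyName: Intrinsic = {
  "Fn::Join": ["", [{ Ref: "AWS::StackName" }, "LambdaManagedPolicy"]],
};

// Substitute Ref values and evaluate Fn::Join as CloudFormation does at deploy time.
function resolveIntrinsic(value: Intrinsic, params: Record<string, string>): string {
  if (typeof value === "string") return value;
  if ("Ref" in value) {
    const resolved = params[value.Ref];
    // A Ref to anything other than a known pseudo parameter (e.g. a logical ID)
    // cannot be resolved offline, so fail loudly instead of guessing.
    if (resolved === undefined) throw new Error(`unresolved Ref: ${value.Ref}`);
    return resolved;
  }
  const [separator, parts] = value["Fn::Join"];
  return parts.map((part) => resolveIntrinsic(part, params)).join(separator);
}

// Split an ARN into its fields and flag which ones are left as wildcards.
function arnScope(arn: string) {
  const [, , service, region, account, ...rest] = arn.split(":");
  const resource = rest.join(":");
  return {
    service,
    regionPinned: region !== "" && region !== "*",
    accountPinned: account !== "" && account !== "*",
    wildcardResource: resource.includes("*"),
  };
}

const resolvedArn = resolveIntrinsic(policyResource, samplePseudo);
console.log(resolvedArn, arnScope(resolvedArn));
```

With these values the statement is pinned to one region and one account, while `project/*` still matches every CodeBuild project in that account and region.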
