1 Answer
I was able to achieve this using !GetAtt RunLambdaVpce.Endpoint
Here is the CF template snippet (Ignore the forward slashes near 'Endpoint'):
```yaml
  LambdaGetVpce:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler   # added: required for an inline ZipFile function
      Runtime: python3.9       # added: assumed runtime, any supported Python 3 works
      # added: assumed execution role defined elsewhere in the template; it needs
      # ec2:DescribeVpcEndpoints plus CloudWatch Logs permissions
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        ZipFile: !Sub |
          import json
          import boto3
          import cfnresponse
          import logging

          def handler(event, context):
              logging.basicConfig(level=logging.DEBUG)
              log = logging.getLogger(__name__)
              ec2 = boto3.client('ec2')
              responseData = {}
              # cfnresponse expects a string or None here (the original passed {})
              physicalResourceId = None
              try:
                  # No Filters: the first endpoint listed for the account/region is
                  # used, whichever one the API returns first
                  endp = ec2.describe_vpc_endpoints()
                  endpointId = endp['VpcEndpoints'][0]['VpcEndpointId']
                  responseData['Endpoint'] = endpointId
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, physicalResourceId)
                  return
              except Exception:
                  cfnresponse.send(event, context, cfnresponse.FAILED, responseData, physicalResourceId)
                  log.exception("Lambda execution has failed!")
                  return

  # added: the custom resource the bucket policy refers to; it is not shown in the
  # original snippet, the type name is assumed
  RunLambdaVpce:
    Type: Custom::GetVpce
    Properties:
      ServiceToken: !GetAtt LambdaGetVpce.Arn

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Statement:
          - Sid: 'Stmt1573075545385'
            Effect: Deny
            Principal: '*'
            Action: 's3:*'
            Resource: !Sub '${S3Bucket.Arn}/*'
            Condition:
              StringNotEquals:
                'aws:SourceVpce': !GetAtt RunLambdaVpce.Endpoint
```
answered 4 years ago
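As an added illustration, not part of the answer above: a small Python script that picks the S3 endpoint deterministically from a `describe_vpc_endpoints()` response instead of taking index 0, and models how the Deny/StringNotEquals statement decides for a given request context (including a request that carries no `aws:SourceVpce` key at all). The endpoint and VPC IDs are constructed placeholders.

```python
# Added example, not code from the original post. Constructed sample data:
# the endpoint IDs and VPC IDs below are placeholders.
SAMPLE_RESPONSE = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0000000000000aaaa", "VpcId": "vpc-0123456789abcdef0",
         "ServiceName": "com.amazonaws.eu-west-1.ssm", "VpcEndpointType": "Interface",
         "State": "available"},
        {"VpcEndpointId": "vpce-0000000000000bbbb", "VpcId": "vpc-0123456789abcdef0",
         "ServiceName": "com.amazonaws.eu-west-1.s3", "VpcEndpointType": "Gateway",
         "State": "available"},
        {"VpcEndpointId": "vpce-0000000000000cccc", "VpcId": "vpc-0fedcba9876543210",
         "ServiceName": "com.amazonaws.eu-west-1.s3", "VpcEndpointType": "Gateway",
         "State": "available"},
    ]
}


def select_endpoint(response, vpc_id, service_suffix=".s3"):
    """Return the ID of the single available endpoint for `service_suffix` in `vpc_id`.

    The handler in the answer takes VpcEndpoints[0] of an unfiltered call, which
    is whichever endpoint the API happens to list first. Filtering on VPC and
    service, and insisting on exactly one match, makes the lookup deterministic.
    """
    matches = [
        e["VpcEndpointId"]
        for e in response["VpcEndpoints"]
        if e["VpcId"] == vpc_id
        and e["ServiceName"].endswith(service_suffix)
        and e["State"] == "available"
    ]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one matching endpoint, found {matches}")
    return matches[0]


def deny_applies(endpoint_id, request_context):
    """Model the statement: Effect Deny, Action s3:*, Condition StringNotEquals
    on aws:SourceVpce.

    StringNotEquals is a negated operator: when aws:SourceVpce is absent from the
    request context (a request that did not come through any VPC endpoint, e.g.
    from the console or a public IP) the condition is true and the Deny applies.
    """
    value = request_context.get("aws:SourceVpce")
    return value is None or value != endpoint_id
```

Note that the Deny also covers the account that deploys the stack: once the policy is attached, any access that does not traverse the selected endpoint is refused, so keep a path for administration that goes through the endpoint.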