1 Answer
I was able to achieve this using !GetAtt RunLambdaVpce.Endpoint
Here is the CF template snippet:

```yaml
LambdaGetVpce:
  Type: AWS::Lambda::Function
  Properties:
    Handler: index.handler                # inline ZipFile code is packaged as index.py
    Runtime: python3.9                    # assumed; the original answer does not state a runtime
    Role: !GetAtt LambdaGetVpceRole.Arn   # assumed: a role allowing ec2:DescribeVpcEndpoints and CloudWatch Logs
    Timeout: 60
    Code:
      ZipFile: !Sub |
        import json
        import boto3
        import cfnresponse
        import logging

        def handler(event, context):
            logging.basicConfig(level=logging.DEBUG)
            log = logging.getLogger(__name__)
            ec2 = boto3.client('ec2')
            responseData = {}
            physicalResourceId = None  # cfnresponse falls back to the log stream name
            try:
                endp = ec2.describe_vpc_endpoints()
                # Takes the first endpoint in the account/region; if more than one
                # endpoint exists this is not necessarily the S3 endpoint.
                endpointId = endp['VpcEndpoints'][0]['VpcEndpointId']
                responseData['Endpoint'] = endpointId
                cfnresponse.send(event, context, cfnresponse.SUCCESS, responseData, physicalResourceId)
                return
            except Exception:
                cfnresponse.send(event, context, cfnresponse.FAILED, responseData, physicalResourceId)
                log.exception("Lambda execution has failed!")
                return

# Custom resource that invokes the function above and exposes its 'Endpoint' attribute
# (the resource type name is assumed; any Custom::* name works).
RunLambdaVpce:
  Type: Custom::VpceLookup
  Properties:
    ServiceToken: !GetAtt LambdaGetVpce.Arn

BucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref S3Bucket
    PolicyDocument:
      Statement:
        - Sid: 'Stmt1573075545385'
          Effect: Deny
          Principal: '*'
          Action: 's3:*'
          Resource: !Sub '${S3Bucket.Arn}/*'
          Condition:
            StringNotEquals:
              'aws:SourceVpce': !GetAtt RunLambdaVpce.Endpoint
```
answered 4 years ago
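The handler in the answer takes the first endpoint that describe_vpc_endpoints returns. The following is an added example (not code from the answer or from AWS) that selects the S3 endpoint by VPC and service name instead, and evaluates the resulting Deny statement the way IAM does, including the case where a request carries no aws:SourceVpce key at all. All endpoint IDs, VPC IDs and the bucket ARN are constructed sample values.

```python
# Constructed stand-in for ec2.describe_vpc_endpoints(): one VPC holding an SSM
# interface endpoint and an S3 gateway endpoint, plus an S3 endpoint in another VPC.
SAMPLE_DESCRIBE = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0aaa111", "VpcId": "vpc-0123", "State": "available",
         "ServiceName": "com.amazonaws.us-east-1.ssm"},
        {"VpcEndpointId": "vpce-0bbb222", "VpcId": "vpc-0123", "State": "available",
         "ServiceName": "com.amazonaws.us-east-1.s3"},
        {"VpcEndpointId": "vpce-0ccc333", "VpcId": "vpc-9999", "State": "available",
         "ServiceName": "com.amazonaws.us-east-1.s3"},
    ]
}


def select_s3_endpoint(describe_response, vpc_id, region):
    """Return the single available S3 endpoint ID in vpc_id, or None."""
    wanted = f"com.amazonaws.{region}.s3"
    matches = [
        e["VpcEndpointId"]
        for e in describe_response.get("VpcEndpoints", [])
        if e.get("VpcId") == vpc_id
        and e.get("ServiceName") == wanted
        and e.get("State") == "available"
    ]
    # Zero or several candidates: refuse to guess rather than bake a wrong ID into a Deny.
    return matches[0] if len(matches) == 1 else None


def deny_statement(bucket_arn, vpce_id):
    """The bucket-policy statement from the answer, as a Python dict."""
    return {
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": f"{bucket_arn}/*",
        "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
    }


def is_denied(statement, request_context):
    """Evaluate the StringNotEquals condition as IAM does: a negated operator
    matches when the key is absent, so a request that did not come through
    any VPC endpoint (no aws:SourceVpce in its context) is denied as well."""
    expected = statement["Condition"]["StringNotEquals"]["aws:SourceVpce"]
    actual = request_context.get("aws:SourceVpce")
    return actual is None or actual != expected
```

Because the statement's Resource is `${bucket}/*`, it governs object operations only; bucket-level actions such as ListBucket need a second Resource entry if they are to be restricted too.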