问题描述
使用 Cloud Formation 模板进行 AWS Backup 并尝试使我的备份计划灵活
BackupPlanProd:
Type: "AWS::Backup::BackupPlan"
Properties:
BackupPlan:
BackupPlanName: !Sub 'BACKUP-PLAN-PROD-${AWS::StackName}'
AdvancedBackupSettings:
- ResourceType: EC2
BackupOptions:
WindowsVSS: !Ref VSSConsistent
BackupPlanRule:
- RuleName: !Sub Daily-${DailyBackupsRetentionProd}d-retention
TargetBackupVault: !Ref BackupVaultProd
ScheduleExpression: "cron(0 4 ? * 2,3,4,6,1,5 *)"
StartwindowMinutes: 60
Lifecycle:
DeleteAfterDays: !Ref DailyBackupsRetentionProd
copyActions:
- DestinationBackupVaultArn: !If
- HasdisasterRecoveryDailyProd
- !If
- HasdisasterRecoveryCrossAccount
- !Sub 'arn:aws:backup:${disasterRecoveryRegion}:${disasterRecoveryAccountId}:backup-vault:Default'
- !Sub 'arn:aws:backup:${disasterRecoveryRegion}:${AWS::AccountId}:backup-vault:Default'
- !Ref "AWS::Novalue"
Lifecycle:
DeleteAfterDays: !If [HasdisasterRecoveryDailyProd,!Ref disasterRecoveryDailyBackupsRetentionProd,!Ref "AWS::Novalue"]
这是属性“copyActions”的问题,其中“DestinationBackupVaultArn”是根据 documentation 的必需属性,并且使用 AWS::Novalue 是不可接受的在这种情况下会导致错误:
资源 BackupPlanProd 的属性验证失败,消息为:#/BackupPlan/BackupPlanRule/0/copyActions/0:找不到所需的密钥 [DestinationBackupVaultArn]
在这种情况下,是否有任何解决方法可以在不复制模板中的整个资源的情况下使属性“copyActions”成为条件?例如如果我不想启用备份复制取决于我的条件。
谢谢:)
解决方法
将您的 If
高一级,这样如果您的条件不满足,整个 CopyActions
都会被删除。
Properties:
BackupPlan:
BackupPlanName: !Sub 'BACKUP-PLAN-PROD-${AWS::StackName}'
AdvancedBackupSettings:
- ResourceType: EC2
BackupOptions:
WindowsVSS: !Ref VSSConsistent
BackupPlanRule:
- RuleName: !Sub Daily-${DailyBackupsRetentionProd}d-retention
TargetBackupVault: !Ref BackupVaultProd
ScheduleExpression: "cron(0 4 ? * 2,3,4,6,1,5 *)"
StartWindowMinutes: 60
Lifecycle:
DeleteAfterDays: !Ref DailyBackupsRetentionProd
CopyActions: !If
- HasDisasterRecoveryDailyProd
- - DestinationBackupVaultArn
#
# other properties
#
Lifecycle:
DeleteAfterDays: !If [HasDisasterRecoveryDailyProd,!Ref DisasterRecoveryDailyBackupsRetentionProd,!Ref "AWS::NoValue"]
- !Ref "AWS::NoValue"