How to pass a public key from a parameter file into a CloudFormation template?

Problem

I have defined the following CloudFormation template, and I want to pass a public key into it from a parameter file. The 'MyPublicKey' parameter is of type String. I reference it with

EncodedKey: !Ref MyPublicKey

under PublicKeyConfig, as shown below.

AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  MyPublicKey:
    Type: String
    Description: 'Public key for some purpose'
    NoEcho: true

Resources:
  CloudfrontPublicKey:
    Type: AWS::CloudFront::PublicKey
    Properties:
      PublicKeyConfig:
        CallerReference: 'some-caller-reference'
        Comment: 'Public key for signed url'
        Name: 'cloudfront-public-key'
        EncodedKey: !Ref MyPublicKey

    ...

The parameter.json file looks like this. The public key in the original .pem file spans multiple lines, but I inserted a newline character '\n' wherever there was a line break in the string.

[
  {
    "ParameterKey": "MyPublicKey",
    "ParameterValue": "-----BEGIN PUBLIC KEY-----\naaaa\nbbbb\n-----END PUBLIC KEY-----"
  }
]
 

When I try to update the stack, I get the following error:

Invalid request provided: AWS::CloudFront::PublicKey

It seems the public key cannot be imported.

Solution

According to the comment, an extra \n character is needed when passing the value, and Ref should be replaced with the Sub function to place the string.

  Resources:
    CloudfrontPublicKey:
      Type: AWS::CloudFront::PublicKey
      Properties:
        PublicKeyConfig:
          CallerReference: 'some-caller-reference'
          Comment: 'Public key for signed url'
          Name: 'cloudfront-public-key'
          EncodedKey: !Sub "${MyPublicKey}"

Here is an example with an inline key:

Generate the keys:

openssl genrsa -out private_key.pem 2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

CloudFormation template:

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  CloudfrontPublicKey:
    Type: AWS::CloudFront::PublicKey
    Properties:
      PublicKeyConfig:
        CallerReference: 'some-caller-reference'
        Comment: 'Public key for signed url'
        Name: 'cloudfront-public-key'
        EncodedKey: |
          -----BEGIN PUBLIC KEY-----
          MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN
          lKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT
          sZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh
          MNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON
          8BjcNloJE3NbLYshQPconb8pA+3jjkMF0QAH6rtc452G7CuS3KBfVQwWUeWE77kK
          wQQir6YFvKP3pG8Ls55FxXBTCCNJl5LZcHt1D0cZmuoSLJj2mVzJgKGyLTdoIwAW
          6QIDAQAB
          -----END PUBLIC KEY-----

List the keys:

aws cloudfront list-public-keys | jq '.PublicKeyList.Items[1]'

Output:

{
  "Id": "08ZCTRKADSADASDAS",
  "Name": "cloudfront-public-key",
  "CreatedTime": "2021-02-27T10:25:43.076Z",
  "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG0grTw5uHbO4CkFVyqN\nlKLGd9ZJrj6l68QU20SzrF7jgQtzE7VKfHxWfzE5FDKF1qKVLT0mURjlRfRPUXaT\nsZYsnKv+cTYkraewdLqbVuN7JII2D/cEXTYRn7849kGKycl3YMXeJeBStbLSPWfh\nMNJZnlFnEX6DkYtwk0Ae0bQ3WT1Be/Xhe4pqSQsnU+InSDkIfA+4UTRLa0kTCgON\n8BjcNloJE3NbLYscZmuoSLJj2mVzJgKGyLTdoIwAW\n6QIDAQAB\n-----END PUBLIC KEY-----\n",
  "Comment": "Public key for signed url"
}
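As an added example that is not part of the question or the answer above: the question's trouble started with hand-editing the PEM into a JSON string with '\n' escapes. The script below generates parameters.json from the public_key.pem produced by the openssl commands in the answer, so the escaping is done by json.dumps rather than by hand, and it refuses keys with the wrong PEM label (a PRIVATE KEY pasted by mistake), CRLF line endings, or a corrupt base64 body before a stack update is attempted. The parameter name MyPublicKey matches the template above; the script name make_params.py and the SAMPLE_PEM placeholder are assumptions, and SAMPLE_PEM is a constructed stand-in, not a usable key.

```python
"""Generate a CloudFormation parameter file from a PEM public key.

Added example, not code from the question or the answer. Assumes the key was
produced by ``openssl rsa -pubout`` (PEM label ``PUBLIC KEY``, i.e. a
SubjectPublicKeyInfo) and that the template parameter is named ``MyPublicKey``.
"""
import base64
import json
import re
import sys

# Exactly one PEM 'PUBLIC KEY' block with LF line endings and nothing around it.
_PEM_PUBLIC_KEY = re.compile(
    r"-----BEGIN PUBLIC KEY-----\n"
    r"(?P<body>(?:[A-Za-z0-9+/=]+\n)+)"
    r"-----END PUBLIC KEY-----\n"
)

# Constructed placeholder whose body decodes to a tiny DER SEQUENCE; not a real key.
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\nMAMCAQE=\n-----END PUBLIC KEY-----\n"


def normalize_public_key_pem(pem: str) -> str:
    """Return the PEM with LF newlines and one trailing newline, or raise ValueError.

    Rejects other PEM labels (PRIVATE KEY, RSA PUBLIC KEY, CERTIFICATE), a body
    that is not valid base64, and a payload that is not a DER SEQUENCE (first
    byte 0x30), which every SubjectPublicKeyInfo is.
    """
    text = pem.replace("\r\n", "\n").replace("\r", "\n").strip() + "\n"
    match = _PEM_PUBLIC_KEY.fullmatch(text)
    if match is None:
        raise ValueError("expected exactly one PEM 'PUBLIC KEY' block")
    der = base64.b64decode("".join(match.group("body").split()), validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("PEM body is not a DER SEQUENCE")
    return text


def is_valid_public_key_pem(pem: str) -> bool:
    """True if normalize_public_key_pem accepts the text."""
    try:
        normalize_public_key_pem(pem)
    except ValueError:
        return False
    return True


def build_parameter_file(pem: str, key_name: str = "MyPublicKey") -> str:
    """Return parameters.json text; json.dumps turns real newlines into \\n escapes."""
    params = [{"ParameterKey": key_name,
               "ParameterValue": normalize_public_key_pem(pem)}]
    return json.dumps(params, indent=2) + "\n"


def load_parameter_value(json_text: str, key_name: str = "MyPublicKey") -> str:
    """Read the value back the way CloudFormation will see it (real newlines again)."""
    for entry in json.loads(json_text):
        if entry["ParameterKey"] == key_name:
            return entry["ParameterValue"]
    raise KeyError(key_name)


if __name__ == "__main__":
    # Usage: python make_params.py public_key.pem > parameters.json
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    sys.stdout.write(build_parameter_file(source))
```

Feed the resulting file to `aws cloudformation deploy` or `create-stack` with `--parameters file://parameters.json`; because the value round-trips through a JSON parser on the AWS side, the template sees real newlines, the same bytes that the inline `|` block in the answer carries.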

Public key creation in AWS cloudformation giving following error: Invalid request provided: AWS::CloudFront::PublicKey has already been answered.