AWS CDK ssm.CfnAssociation 定义参数

Question

我坚持创建 ssm.CfnAssociation 因为我也是 AWS CDK 和 CloudFormation 的新手。我正在尝试通过 ssm.CfnAssociation 创建 AWS Systems Manager 状态管理器任务 (AWS-RunAnsiblePlaybook)，但我误解了如何定义参数？我想将参数 url 设置为 s3 的剧本。从 CDK 文档开始，它应该是： parameters (Union[IResolvable, None, Mapping[str, Union[IResolvable, Forwardref]]]) – AWS::SSM::Association.Parameters.

通过 AWS 停靠 Type: Map of ParameterValues -> { "ParameterValues" : [ String, ... ] }

我尝试为参数定义各种类型，但总是出错：Value did not match any type in union: Expected object reference, got {"plybook":"s3-url"},Value did not match any type in union: Expected object reference, got "s3-url",Expected object reference, got "s3-url" 如果我使用ssm.CfnAssociation.ParameterValuesProperty 来匹配密钥playbookurl，我在部署步骤中有错误：SSMAssociation/SSMAssociation (SSMAssociation6148DA19) Value of {Parameters} must be a map where each value is a list of {String}

您能帮我解决一下吗，因为不知道什么类型以及如何适合参数？ 谢谢。

class SSMAssociation(core.Construct):

def __init__(self, scope: core.Construct, id: str, 
ssm_association_name: str, **kwargs) -> None:
    super().__init__(scope, id, **kwargs)

    ssm_param_values = ssm.CfnAssociation.ParameterValuesProperty(
        parameter_values=["s3://test-ansible-test1-pl1/playbook1.yml"],
    )

    ssm_tartgets = ssm.CfnAssociation.TargetProperty(
        key="CDK-Type",
        values="EC2Instance",
    ),

    ssm_association = ssm.CfnAssociation(
        self, "SSMAssociation",
        name=ssm_association_name,
        output_location=None,
        parameters={
            "playbookurl": ssm_param_values,
        },

        targets=None,
    )

Answer 1

如上根据pythondocs，参数为(Union[IResolvable, None, Mapping[str, Union[IResolvable, Forwardref]]]) – AWS::SSM::Association.Parameters，所以你做的是正确的

我刚刚验证了cdk synth 接受：

    ssm_param_values = ssm.CfnAssociation.ParameterValuesProperty(
        parameter_values=["s3://test-ansible-test1-pl1/playbook1.yml"],
    )
    ssm_association = ssm.CfnAssociation(
        self, "SSMAssociation",
        name=ssm_association_name,
        output_location=None,
        parameters={
            "playbookurl": ssm_param_values,
        },

        targets=None,
    )

以下版本

Python 3.7.4

aws-cdk.aws-events==1.18.0

aws-cdk.aws-iam==1.18.0

aws-cdk.aws-kms==1.18.0

aws-cdk.aws-s3==1.18.0

aws-cdk.aws-ssm==1.18.0

aws-cdk.core==1.18.0

aws-cdk.cx-api==1.18.0

aws-cdk.region-info==1.18.0

但是部署问题仍然存在，您似乎应该使用ssm_param_values.parameter_values，但CDK不接受它

提交了issue on CDK，尽管它可能是一个 CF 错误。

CF documentation 肯定具有误导性，报告反馈：

• 语法为Parameters is just a key: value pair map
• [Parameters][4] 指定 [ParameterValues][5] 的 Map，匹配 CDK 行为

Answer 2

目前解决此问题的方法是使用 CfnInclude 而不是 CfnAssociation。 但在我看来，以适当的方式使用 CfnAssociation 会更好。

class SSMAssociationConstruct(core.Construct):

def __init__(self, scope: core.Construct, id: str, 
             playbook_url: str,
             ec2_tag_key: str,
             ec2_tag_value: str,
             **kwargs) -> None:
    super().__init__(scope, id, **kwargs)

    if playbook_url is not None:
        cfn_include = core.CfnInclude(
            self, "CfnInclude",
            template={
                "Resources": {
                    "SSMAssociation": {
                        "Type" : "AWS::SSM::Association",
                        "Properties" : {
                            "AssociationName" : "SSMRunAnsible" ,
                            "Name" : "AWS-RunAnsiblePlaybook",
                            "ScheduleExpression": "cron(0 0/30 * * * ? *)",
                            "Parameters" : {
                                "playbookurl":[playbook_url],
                            },
                            "Targets" : [{
                                "Key": f"tag:{ec2_tag_key}",
                                "Values": [f"{ec2_tag_value}"]
                            }]
                          }
                    }
                }
            }
        )