本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # 使用带有 Hook 目标名称的通配符 您可以使用通配符作为目标名称的一部分。您可以在 Hook 目标名称中使用通配符(`*`和`?`)。星号 (`*`) 表示字符的任意组合。问号 (`?`) 代表任何单个字符。可以在目标名称中使用多个`*`和`?`字符。 **Example : Hook 架构中目标名称通配符的示例** 以下示例针对 Amazon S3 支持的所有资源类型。 ``` { ... "handlers": { "preCreate": { "targetNames": [ "AWS::S3::*" ], "permissions": [] } } ... } ``` 以下示例匹配名称中包含 “Bucket” 的所有资源类型。 ``` { ... "handlers": { "preCreate": { "targetNames": [ "AWS::*::Bucket*" ], "permissions": [] } } ... } ``` `AWS::*::Bucket*`可能会解析为以下任何一种具体的资源类型: + `AWS::Lightsail::Bucket` + `AWS::S3::Bucket` + `AWS::S3::BucketPolicy` + `AWS::S3Outpost::Bucket` + `AWS::S3Outpost::BucketPolicy` **Example : Hook 配置架构中的目标名称通配符示例** 以下示例配置调用 Hook 来执行所有 Amazon S3 资源类型的`UPDATE`操作,以及对所有命名表资源类型(例如`AWS::DynamobDB::Table`或)的操作。`CREATE` `AWS::Glue::Table` ``` { "CloudFormationConfiguration": { "HookConfiguration": { "TargetStacks": "ALL", "FailureMode": "FAIL", "Properties": {}, "TargetFilters":{ "Targets": [ { "TargetName": "AWS::S3::*", "Action": "CREATE", "InvocationPoint": "PRE_PROVISION" }, { "TargetName": "AWS::*::Table", "Action": "UPDATE", "InvocationPoint": "PRE_PROVISION" } ] } } } } ``` 以下示例配置调用所有 Amazon S3 资源类型的挂钩`CREATE`和`UPDATE`操作,以及对所有命名表资源类型(例如`AWS::DynamobDB::Table`或)的`CREATE`和`UPDATE`操作。`AWS::Glue::Table` ``` { "CloudFormationConfiguration": { "HookConfiguration": { "TargetStacks": "ALL", "FailureMode": "FAIL", "Properties": {}, "TargetFilters":{ "TargetNames": [ "AWS::S3::*", "AWS::*::Table" ], "Actions": [ "CREATE", "UPDATE" ], "InvocationPoints": [ "PRE_PROVISION" ] } } } } ``` **Example : `Include` 特定堆栈** 以下示例指定了一个`Include`列表。只有当堆栈名称以开头时,才会调用 Hook `stack-test-`。 ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackNames": { "Include": [ "stack-test-*" ] } } } } } ``` **Example : `Exclude` 特定堆栈** 以下示例指定了一个`Exclude`列表。挂钩可以在任何不是以开头的堆栈上调用`stack-test-`。 ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackNames": { "Exclude": [ "stack-test-*" ] } } } } } ``` **Example : 组合`Include`和`Exclude`用于特定的堆栈** 如果指定了`Include`和`Exclude`列表,则仅在`Exclude`列表中不匹配`Include`的堆栈上调用 Hook。在以下示例中,除了名为、和的堆栈`stack-test-`外,所有以`stack-test-1``stack-test-2`、开头的堆栈都会调用 Hook。`stack-test-3` ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackNames": { "Include": [ "stack-test-*" ], "Exclude": [ "stack-test-1", "stack-test-2", "stack-test-3" ] } } } } } ``` **Example : `Include` 特定角色** 以下示例指定了一个`Include`包含两个通配符模式的列表。第一个条目将为以 `hook-role` any and 开头的任何角色运行 Hook `account-id`。`partition`第二个条目将为任何属于的角色中的任何`partition`角色运行 any `account-id` `123456789012`。 ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackRoles": { "Include": [ "arn:*:iam::*:role/hook-role*", "arn:*:iam::123456789012:role/* ] } } } } } ``` **Example : `Exclude` 特定角色** 以下示例指定了一个`Exclude`包含两个通配符模式的列表。当角色的名称`exempt`中有 any and any 时,第一个条目将跳过 Hook `partition` 的执行`account-id`。当属于的角色与堆栈操作一起使用时,第二个条目将跳过 Hook 执行。`account-id` `123456789012` ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackRoles": { "Exclude": [ "arn:*:iam::*:role/*exempt*", "arn:*:iam::123456789012:role/* ] } } } } } ``` **Example : 组合`Include`和`Exclude`针对特定角色的 ARN 模式** 如果指定了`Include`和`Exclude`列表,则仅在与`Exclude`列表中`Include`不匹配的角色匹配的堆栈上调用 Hook。在以下示例中,Hook 是在堆栈操作中使用任意`partition``account-id`、和`role`名称调用的,除非该角色属于该角色`account-id``123456789012`。 ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackRoles": { "Include": [ "arn:*:iam::*:role/*" ], "Exclude": [ "arn:*:iam::123456789012:role/*" ] } } } } } ``` **Example : 将堆栈名称和角色与所有标准相结合** 以下 Hook 包括一个堆栈名称通配符和一个堆栈角色通配符。由于指定`FilteringCriteria`为`ALL`,因此只有同时具有匹配`StackName`和匹配`StackRoles`的堆栈才会调用 Hook。 ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ALL", "StackNames": { "Include": [ "stack-test-*" ] }, "StackRoles": { "Include": ["arn:*:iam::*:role/hook-role*"] } } } } } ``` **Example : 结合`StackNames`并`StackRoles`符合任何标准** 以下 Hook 包括一个堆栈名称通配符和一个堆栈角色通配符。由于指定`FilteringCriteria`为`ANY`,因此会为匹配`StackNames`或匹配的堆栈调用 Hook `StackRoles`。 ``` { "CloudFormationConfiguration": { "HookConfiguration": { "HookInvocationStatus": "ENABLED", "TargetOperations": [ "STACK", "RESOURCE" ], "FailureMode": "WARN", "Properties": {}, "StackFilters": { "FilteringCriteria": "ANY", "StackNames": { "Include": [ "stack-test-*" ] }, "StackRoles": { "Include": ["arn:*:iam::*:role/hook-role*"] } } } } } ```