Error [ValidationError]: Unable to fetch parameters [/route53resolver/query-log-id] from parameter store

0 votes
1 answer
34 views
Asked 2025-04-14 17:05

I got the following error when trying to use a shared parameter from another account.

 ❌  SensorsRootHub-egress-stack failed: Error [ValidationError]: Unable to fetch parameters [/route53resolver/query-log-id] from parameter store for this account.
    at Request.extractError (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:46692)
    at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:91437)
    at Request.emit (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:90885)
    at Request.emit (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:199281)
    at Request.transition (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:192833)
    at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:157705)
    at /usr/local/lib/node_modules/aws-cdk/lib/index.js:376:158035
    at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:193125)
    at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:199356)
    at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/lib/index.js:376:91605) {
  code: 'ValidationError',
  time: 2024-03-10T14:41:14.406Z,
  requestId: 'a8081114-6ede-4867-9c72-4032284d0490',
  statusCode: 400,
  retryable: false,
  retryDelay: 788.1716239431858
}

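According to the CloudFormation documentation, for SSM parameters shared by another AWS account you must enter the full parameter ARN. However, when I tried to reference this parameter by its full ARN, I got the following error: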

jsii.errors.JavaScriptError: 
  @jsii/kernel.RuntimeError: Error: Parameter names must be fully qualified (if they include "/" they must also begin with a "/"): arn:aws:ssm:eu-west-1:402736836567:parameter/route53resolver/query-log-id
      at Kernel._Kernel_ensureSync (/tmp/tmpe5jnm3bc/lib/program.js:10491:23)
      at Kernel.sinvoke (/tmp/tmpe5jnm3bc/lib/program.js:9876:102)
      at KernelHost.processRequest (/tmp/tmpe5jnm3bc/lib/program.js:11696:36)
      at KernelHost.run (/tmp/tmpe5jnm3bc/lib/program.js:11656:22)
      at Immediate._onImmediate (/tmp/tmpe5jnm3bc/lib/program.js:11657:46)
      at process.processImmediate (node:internal/timers:476:21)

The code is as follows:

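from aws_cdk import aws_route53resolver as route53resolver, aws_ssm as ssm
from aws_cdk.aws_ec2 import IVpc

# Runs inside the stack's __init__ (self is the Stack); vpc is an existing IVpc.
vpc: IVpc

# Name-based lookup; CloudFormation resolves it in the account the stack is deployed to.
query_log_id = ssm.StringParameter.value_for_string_parameter(
    self, parameter_name="/route53resolver/query-log-id"
)

# Associate the VPC with the Resolver query logging configuration.
route53resolver.CfnResolverQueryLoggingConfigAssociation(
    self,
    id="QueryLogConfigAssociation",
    resolver_query_log_config_id=query_log_id,
    resource_id=vpc.vpc_id
)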

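I tried fetching this parameter with the command-line tool, and it only succeeded when I used the full ARN value; otherwise I get "An error occurred (ParameterNotFound) when calling the GetParameter operation".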

What am I missing?

1 Answer

0

According to the CloudFormation documentation, this is currently not supported:

CloudFormation does not currently support cross-account access to SSM parameters.

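The documentation you mentioned is about CloudFormation parameter types, which is not the same mechanism CDK uses when it generates a reference to an SSM parameter.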
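One way to work within the limitation described in the answer, building on the asker's observation that GetParameter succeeds with the full ARN: read the value while the CDK app synthesizes and hand CloudFormation a plain string. This is an added example, not code from the thread or from the CDK project; the helper names, the stub client, the deploying account ID and the sample value are constructed, and it assumes the credentials running the synth are allowed to call GetParameter on the shared parameter.

```python
import re

# arn:<partition>:ssm:<region>:<account>:parameter/<hierarchical name>
ARN_RE = re.compile(
    r"^arn:(?P<partition>aws[a-z-]*):ssm:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12}):parameter(?P<name>/.+)$"
)


def parse_parameter_arn(arn):
    """Split an SSM parameter ARN into its fields; raise ValueError if malformed."""
    match = ARN_RE.match(arn)
    if match is None:
        raise ValueError(f"not an SSM parameter ARN: {arn!r}")
    return match.groupdict()


def resolve_shared_parameter(arn, deploy_account, client=None):
    """Read a parameter owned by another account during synthesis.

    The result is a concrete string, so no cross-account SSM lookup is left
    for CloudFormation to perform at deploy time.
    """
    fields = parse_parameter_arn(arn)
    if fields["account"] == deploy_account:
        # Same account: the ordinary name-based reference already works.
        raise ValueError("parameter is in the deploying account; reference it by name")
    if client is None:
        import boto3  # imported lazily so the parsing logic runs without the SDK
        client = boto3.client("ssm", region_name=fields["region"])
    # A shared parameter is requested by its full ARN, not by its name.
    return client.get_parameter(Name=arn)["Parameter"]["Value"]


class StubSsm:
    """Constructed stand-in for the SSM client so the example runs offline."""

    def __init__(self, store):
        self.store = store

    def get_parameter(self, Name):
        return {"Parameter": {"Name": Name, "Value": self.store[Name]}}


if __name__ == "__main__":
    arn = "arn:aws:ssm:eu-west-1:402736836567:parameter/route53resolver/query-log-id"
    stub = StubSsm({arn: "rqlc-constructed-example"})  # constructed value
    # 111122223333 is a constructed deploying-account ID.
    print(resolve_shared_parameter(arn, "111122223333", client=stub))
```

The returned string can be passed directly as `resolver_query_log_config_id`. Because the value is fixed at synth time, a later change to the parameter only takes effect after the app is synthesized and deployed again.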
