Nathan
Reputation: 7709
Transforming a CommaDelimitedList of Roles to list of Arns in Cloudformation
I have a cloudformation template generating a kms key with a policy document to grant roles access to the key. Now I want the roles to be a CommaDelimitedList Parameter of the Cloudformation template and I do not know the size in advanced. So I have input like this:
["role1", "role2", ...]
and have to generate this:
Principal:
AWS:
- !Sub "arn:aws:iam::${AWS::AccountId}:role/role1",
- !Sub "arn:aws:iam::${AWS::AccountId}:role/role2",
...
Is this transformation possible in cloudformation?
Upvotes: 4
Views: 3208
Answers (1)
Rafał Wrzeszcz
Reputation: 2067
Not possible.
What you need to do is to pass the ARNs list. For example:
SomeParam:
"Fn::Join":
- ","
-
- !GetAtt "role1.Arn"
- !GetAtt "role2.Arn"
And just use it directly, CommaDelimitedList is automatically transformed into list by CloudFormation when passed as a parameter:
Principal:
AWS: !Ref "RolesParameter"
If you have just role names, you need to build the ARNs on your own, like in your question, but before passing as an argument:
SomeParam:
"Fn::Join":
- ","
-
- !Sub "arn:aws:iam::${AWS::AccountId}:role/role1"
- !Sub "arn:aws:iam::${AWS::AccountId}:role/role2"
Upvotes: 2
Related Questions
- ARN of the role that is automatically created with an Lambda function
- How to transform CommaDelimitedList parameter to build ARNs in CloudFormation
- How to create list of resource ARNS using a CommaDelimitedList parameter?
- CloudFormation Magic to Generate A List of ARNs from a List of Account Ids
- Using the Cloudformation Join function with a CommaDelimitedList Parameter to build IAM ARNs
- How to get an AWS ServiceLinkedRole ARN in CloudFormation
- AWS Cloudformation how from S3 bucket names CommaDelimitedList make list of ARN - semi for loop cycle
- How to get a role's name/ARN into its own AssumeRole policy?
- AWS CloudFormation Template to Create EC2 - List IAM Roles
- How to create a role with specified arn with cloudformation in aws?