overexchange
Reputation: 1
CloudFormation - How to use Sub intrinsic function?
In the below JSON rule:
{
"Action": [
"iam:CreatePolicyVersion",
"iam:DeletePolicy",
"iam:DeletePolicyVersion",
"iam:SetDefaultPolicyVersion"
],
"Resource": [
"arn:aws:iam::${Account:Id}:policy/policy1",
"arn:aws:iam::${Account:Id}:policy/policy2"
],
"Effect": "Deny"
}
How to use Sub intrinsic function syntax in Resource section? to substitute variables...
Edit:
{
"Action": [
"iam:CreatePolicyVersion",
"iam:DeletePolicy",
"iam:DeletePolicyVersion",
"iam:SetDefaultPolicyVersion"
],
"Resource": [
"arn:aws:iam::${Account:Id}:policy/policy1"
],
"Effect": "Deny"
}
How to refer single resource?
Upvotes: 0
Views: 328
Answers (1)
TheClassic
Reputation: 1044
{
"Action": [
"iam:CreatePolicyVersion",
"iam:DeletePolicy",
"iam:DeletePolicyVersion",
"iam:SetDefaultPolicyVersion"
],
"Resource": [
{ "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:policy/policy1"},
{ "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:policy/policy2"}
],
"Effect": "Deny"
}
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html
Upvotes: 2
Related Questions
- Use Gett Function inside Sub in cloudformation
- How to use Sub and GetAtt functions at the same time in CloudFormation template?
- Using api call result as a parameter for CloudFormation resource
- Is this not how you refer a cloudformation resource?
- How to use intrinsic functions of CloudFormation properly in yml
- AWS Cloudformation nested intrinsic function not evaluating
- AWS CloudFormation - Any way to use an intrinsic function as an object key?
- AWS cloudformation pass value to nested stack
- AWS CloudFormation chaining functions
- CloudFormation nested stack parameters