Reputation: 177
Currently trying to use an Fn::If with multiple Fn::Subs, however currently only the first is converted. I tried using multiple methods to create this, however this is the only method I was able to produce without causing syntax errors.
    Resource:
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - Fn::If:
        - USRegion
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
        - !Ref AWS::NoValue
Tried using
    Resource:
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
      - Fn::If:
        - USRegion
        - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
        - !Ref AWS::NoValue
which I saw in another SO question but still no dice.
How do I go about changing this to convert each value, rather than only the first?
Edit: For context, I've added here that there are multiple ARNs that aren't a part of the if statement.
Two current best solutions I have found:
    - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
    - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
    - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
    - Fn::If:
      - USRegion
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame1
      - !Ref AWS::NoValue
    - Fn::If:
      - USRegion
      - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame2
      - !Ref AWS::NoValue
Or
    Fn::If:
      - USRegion
      - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame1
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame2
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
      - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame3
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame4
        - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame5
Upvotes: 1
Views: 2497
Reputation: 4616
It looks like you are generating an IAM policy. Your second attempt is producing a result like this, with a list inside a list.
    Resource:
      - - arn1
        - arn2
        - arn3
        - arn4
Your template should look like this:
    Resource:
      "Fn::If":
        - USRegion
        # Each ARN is its own list item, so every !Sub is evaluated.
        - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
        - []
Or if you can't have the Resource set to an empty array, move the if statement higher so the whole policy statement is generated.
Upvotes: 1
Reputation: 238487
I think it should be (be careful about indentations):
    Resource:
      Fn::If:
        - USRegion
        - - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
          - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/reponame
        - !Ref AWS::NoValue
Here if the USRegion is true, you return a list. In your original attempt you wanted to create a list of lists.
But you would need to reconsider using AWS::NoValue, assuming this is some IAM policy. Resource is required in an IAM policy statement, so you can't make an IAM policy without a resource, in cases where USRegion is false.
Upvotes: 2
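The three shapes discussed in this thread (continuation lines folded into a single !Sub string, a list inside a list, and Resource disappearing when USRegion is false) can be caught before deployment. The following is an added example, not code from any of the posts: a Python check over the JSON-equivalent form of a policy statement, evaluated with the condition both true and false. The function names, finding labels and sample statements are constructed for illustration, and the AWS::NoValue handling is a simplified model of what CloudFormation does.

```python
ARN = "arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/"
NO_VALUE = {"Ref": "AWS::NoValue"}

def sub(repo):
    return {"Fn::Sub": ARN + repo}

def resolve(node, conds):
    """Evaluate Fn::If and drop AWS::NoValue entries; other intrinsics are left alone."""
    if isinstance(node, dict) and set(node) == {"Fn::If"}:
        name, if_true, if_false = node["Fn::If"]
        return resolve(if_true if conds[name] else if_false, conds)
    if isinstance(node, dict) and node != NO_VALUE:
        pairs = ((k, resolve(v, conds)) for k, v in node.items())
        return {k: v for k, v in pairs if v != NO_VALUE}
    if isinstance(node, list):
        return [v for v in (resolve(i, conds) for i in node) if v != NO_VALUE]
    return node

def check(statement, conds):
    """Return findings for one statement under one set of condition values."""
    resource = resolve(statement, conds).get("Resource")
    if resource in (None, []):
        return ["missing-resource"]  # IAM requires Resource in a statement
    findings = []
    for item in resource if isinstance(resource, list) else [resource]:
        if isinstance(item, list):
            findings.append("nested-list")
        elif isinstance(item, dict) and "!Sub" in str(item.get("Fn::Sub", "")):
            findings.append("folded-scalar")  # YAML folded later lines into one string
    return findings

def lint(statement, condition="USRegion"):
    """Check the statement with the condition both true and false."""
    return {flag: check(statement, {condition: flag}) for flag in (True, False)}

# Constructed samples mirroring the shapes on this page.
FOLDED = {"Fn::Sub": ARN + "reponame1 !Sub " + ARN + "reponame2"}
ATTEMPT_1 = {"Resource": [sub("reponame3"), {"Fn::If": ["USRegion", FOLDED, NO_VALUE]}]}
ATTEMPT_2 = {"Resource": [sub("reponame3"),
                          {"Fn::If": ["USRegion", [sub("reponame1"), sub("reponame2")], NO_VALUE]}]}
NO_FALLBACK = {"Resource": {"Fn::If": ["USRegion", [sub("reponame1")], NO_VALUE]}}
BOTH_LISTS = {"Resource": {"Fn::If": ["USRegion",
                                      [sub("reponame1"), sub("reponame3")],
                                      [sub("reponame3")]]}}

if __name__ == "__main__":
    for name in ("ATTEMPT_1", "ATTEMPT_2", "NO_FALLBACK", "BOTH_LISTS"):
        print(name, lint(globals()[name]))
```

Only the shape where both branches of Fn::If return a complete list comes back clean for both values of the condition.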