AWS CloudFormation: Provide an attribute itself (not the value!) conditionally

Question

based on a Parameter in a CloudFormation template, I try to provide an attribute to a resource. And I do not mean providing a value for that attribute, but to decide whether the attribute should be passed to the resource or not. Specifically I try to do that for the attribute RoleName of a AWS::IAM::Role resource. I tried the following:

"Conditions": {
  "MyCondition": {
    "Fn::Equals": [
      {
        "Ref": "OptionalRoleName"
      },
      ""
    ]
  }
},
...
"Parameters": {
  "OptionalRoleName": {
    "AllowedPattern": "^$|[\\w+=,.@-]+",
    "ConstraintDescription": "Please use only upper and lowercase alphanumeric characters with no spaces and any of the following characters: _+=,.@-.",
    "Default": "",
    "Description": "Optional fixed Role Name",
    "Type": "String"
  }
},
...
"Properties": {
    "RoleName": {
      "Fn::If": [
        "MyCondition",
        {"Ref": "OptionalRoleName"},
        {"Ref": "AWS::NoValue"}
      ]
    },
    ....

But if the condition is not met, during the execution AWS complains that the RoleName cannot be an empty string. So the AWS::NoValue seems to evaluate to empty string in case of a string attribute. If there a way to work around that?

Thanks!

Answer 1

Your condition is incorrect; the condition evaluates to true if OptionalRoleName is not specified, however you want the negation of this. Specifying the condition as the following should give you the behaviour you want:

"MyCondition": {
    "Fn::Not": {
        "Fn::Equals": [
          {
            "Ref": "OptionalRoleName"
          },
          ""
        ]
    }
  }