Nadav Holtzman

Reputation: 298

How do I use conditions in CloudFormation properties?

I am trying to create a CloudFormation template that creates a role, and I want to include managed policies in the role only if a condition is true, but CloudFormation doesn't allow something like this:

"MyRole": {
  "Type": "AWS::IAM::Role",
  "Properties": {
    "ManagedPolicyArns": [
      "Condition": "MyCondition":
      {
        "Ref": "EMRFullAccessManagedPolicy"
      }
    ],
    "RoleName": {
      myRole
    }
  }
}

Is there a way to use conditions in properties this way?

Upvotes: 0

Views: 605

Answers (1)

kgiannakakis

Reputation: 104196

You could use Fn::If:

"ManagedPolicyArns":
  {"Fn::If": [
    "MyCondition",
    [{"Ref": "EMRFullAccessManagedPolicy"}],
    []
  ]}

or

"ManagedPolicyArns":
  { "Fn::If": [
    "AddSageMakerAccess",
    ["arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"],
    { "Fn::If": [
      "AddEMRFullAccessPolicy",
      ["arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2"],
      []
    ]}
  ]}

The above will work if AddSageMakerAccess and AddEMRFullAccessPolicy are mutually exclusive.

Upvotes: 1
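
When the two conditions are not mutually exclusive, each list element can carry its own Fn::If that resolves either to the policy ARN or to AWS::NoValue, which CloudFormation drops from the list. The template below is an added example, not part of the answer above; the parameter names EnableSageMaker and EnableEMR and the ec2.amazonaws.com trust principal are assumptions, and both parameters default to "false" so no broad policy is attached unless asked for.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not from the original answer). Parameter names and the trust principal are assumptions.",
  "Parameters": {
    "EnableSageMaker": { "Type": "String", "AllowedValues": ["true", "false"], "Default": "false" },
    "EnableEMR": { "Type": "String", "AllowedValues": ["true", "false"], "Default": "false" }
  },
  "Conditions": {
    "AddSageMakerAccess": { "Fn::Equals": [{ "Ref": "EnableSageMaker" }, "true"] },
    "AddEMRFullAccessPolicy": { "Fn::Equals": [{ "Ref": "EnableEMR" }, "true"] }
  },
  "Resources": {
    "MyRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": { "Service": "ec2.amazonaws.com" },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "ManagedPolicyArns": [
          { "Fn::If": [
            "AddSageMakerAccess",
            "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
            { "Ref": "AWS::NoValue" }
          ]},
          { "Fn::If": [
            "AddEMRFullAccessPolicy",
            "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",
            { "Ref": "AWS::NoValue" }
          ]}
        ]
      }
    }
  }
}
```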
