Nadav Holtzman
Reputation: 298
How do I use conditions in cloudformation properties?
I am trying to create a cloudformation template which creates a role and I want to include managed policies in the role but only if a condition is true, but cloudformation doesn't allow to do something like this:
"MyRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"ManagedPolicyArns": [
"Condition": "MyCondition":
{
"Ref": "EMRFullAccessManagedPolicy"
}
],
"RoleName": {
myRole
}
}
}
Is there a way to use conditions in properties this way?
Upvotes: 0
Views: 605
Answers (1)
kgiannakakis
Reputation: 104196
You could use Fn::If:
"ManagedPolicyArns":
{"Fn::If" : [
"MyCondition",
["Ref": "EMRFullAccessManagedPolicy"],
[]
]}
or
"ManagedPolicyArns":
{ "Fn::If":
["AddSageMakerAccess",
["arn:aws:iam::aws:policy/AmazonSageMakerFullAccess" ],
{ "Fn::If":
["AddEMRFullAccessPolicy",
["arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2" ],
[]
]
}
]
},
The above will work if AddSageMakerAccess and AddEMRFullAccessPolicy are mutually exclusive.
Upvotes: 1
Related Questions
- CloudFormation: conditional parameters
- How to use conditions for properties in Cloudformation
- cloudformation multiple if conditions
- AWS CloudFormation conditions
- If else condition cloudformation
- Conditions in cloudformation
- AWS Cloudformation - How to use If Else conditions
- How to add conditions in Parameters section in AWS CloudFormation?
- Using Conditions and Parameters in CloudFormation
- CloudFormation condition functions value based on parameter