Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS Cloudformation create resource conditionally

Tags:

amazon-web-services

amazon-cloudformation

I was looking at the Condition Function Fn::If: to create or provision a resource only if a condition is evaluated to true. In my case, created a policy if the environment is prod.

Parameters:
  Env:
    Description: Environment
    Type: String

Conditions:
  IsProd: !Equals [!Ref Env, 'prod']

I know how to do it for a property, but not for the entire resource block.

Type: 'AWS::IAM::Policy'
Properties:
  PolicyName: root
  PolicyDocument:
    Version: 2012-10-17
    Statement:
      - Effect: Allow
        Action: '*'
        Resource: '*'
  Roles:
    - !Ref RootRole

Is this something possible?

like image 710
Peter Avatar asked Jun 23 '20 22:06

Peter

People also ask

Which section of CloudFormation does not allow for conditions?

According to the docs, Conditions should be used at the top level of the resource you want to conditionally create. Putting a Condition inside the Instance UserData section isn't supported. To use Conditions in your situation, you'd want separate Resources conditionally created based on the Parameter.

What is pseudo parameter in AWS CloudFormation?

Pseudo parameters are parameters that are predefined by AWS CloudFormation. You don't declare them in your template. Use them the same way as you would a parameter, as the argument for the Ref function.

What is FN :: if?

Fn::If. Returns one value if the specified condition evaluates to true and another value if the specified condition evaluates to false .

1 Answers

You can do it using Condition: resource attribute. For example:


Resources:

    MyIAMPolicy:

        Condition: IsProd

        Type: 'AWS::IAM::Policy'
        Properties:
          PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: '*'
                Resource: '*'
          Roles:
            - !Ref RootRole

More on this can be found here:

  • Conditionally launch AWS CloudFormation resources based on user input
like image 155
Marcin Avatar answered Nov 15 '22 05:11

Marcin
Sign in to Comment

Related questions

How to access a public S3 bucket from another AWS account?
AWS API Gateway + Cognito + Lambda - $context.authorizer.principalId empty
Amazon EC2 Instance Connect for SSH - security group?
Access to the resource https://sqs.us-east-1.amazonaws.com/ is denied
Angular S3 Static Website - 403 Forbidden Routing Error
How to Trigger Glue ETL Pyspark job through S3 Events or AWS Lambda?
add S3 trigger on a Lambda function with cloudformation yaml
Would someone be able provide an example of what an AWS Cloudformation AWS::GLUE::WORKFLOW template would look like?
AWS S3 - SlowDown: Please reduce your request rate
mock boto3 response for downloading file from S3
When should I delete messages in SQS?
AWS Athena - duplicate columns due to partitionning
Cognito Custom Message Trigger doesn't have any effect
Can I send batch message to AWS SNS
Authorise Request to AWS WebSocket API Gateway using AWS_IAM
AWS Lambda, Python, Numpy and others as Layers
Are Cognito refresh tokens "valid" JSON web tokens?
Airflow: Unable to access the AWS providers
Testing a AWS S3 Presigned Url returns 403 Forbidden (Nodejs)
How to pass parameter as a file in AWS CloudFormation deploy?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!