Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CloudFormation Magic to Generate A List of ARNs from a List of Account Ids

Tags:

amazon-cloudformation

In my template, I am passing a CommaDelimitedList of account ids as a parameter.

I am hoping to do some Fn::Join and/or Fn::Sub magic to transform the list as follow:

 "Accounts" : {
     "Type" : "CommaDelimitedList",
     "Default" : "12222234,23333334,1122143234,..."
}

To be used in the template as a list `root` ARN's as :
 [
   "arn:aws:iam::12222234:root"
   "arn:aws:iam::23333334:root"
   "arn:aws:iam::1122143234:root"
 ]

Right now I am passing in the full ARNs, so it's working, but it is kluncky. However the CFN built in functions are proving very hard at doing this.

Any one have ready code for something like this?

like image 748
Sam Hammamy Avatar asked Feb 23 '18 14:02

Sam Hammamy

People also ask

How do you reference parameters in CloudFormation?

You use the Ref intrinsic function to reference a parameter, and AWS CloudFormation uses the parameter's value to provision the stack. You can reference parameters from the Resources and Outputs sections of the same template.

What is pseudo parameters in CloudFormation?

Pseudo parameters are parameters that are predefined by AWS CloudFormation. You don't declare them in your template. Use them the same way as you would a parameter, as the argument for the Ref function.

What is the difference between stack and template in CloudFormation?

A collection of AWS resources is called a stack, and it can be managed in a single unit. CloudFormation's template defines a stack in which the resources can be created, deleted or updated in a predictable way. A stack can have all the resources (web server, database, etc.) required to run a web application.

What is stack ID in AWS?

To find a Stack ID, you can use either the Amazon EC2 console, AMS console, or the AMS SKMS API/CLI. AMS Console: In the navigation pane, select RFCs, and then click the RFC that created the stack. Use the filter option at the top to reduce the list.

1 Answers

I was able to adapt the existing answer by Sam Hammamy to work around the limitation of requiring special handling for the first and last items by using Fn::Sub. You can also combine two of the Joins.

In YAML:

AWS: !Split
  - ','
  - !Sub
    - 'arn:aws:iam::${inner}:root'
    - inner: !Join
      - ':root,arn:aws:iam::'
      - Ref: "Accounts"

And in JSON:

"Fn::Split": [
    ",", 
    {
        "Fn::Sub": [
            "arn:aws:iam::${rest}:root", 
            {
                "rest": {
                    "Fn::Join": [
                        ":root,arn:aws:iam::", 
                        { "Ref": "Accounts" }
                    ]
                }
            }
        ]
    }
]
like image 122
borkl Avatar answered Sep 28 '22 02:09

borkl
Sign in to Comment

Related questions

AWS Cloudformation create resource conditionally
'Failed to refresh tokens: Missing required parameter auth parameters.' - AWS Amplify Pull API
Aws cloud formation template: how to provide StreamName for Kinesis resource?
How to specify lambda function and IAM role name in cloudformation template
Can I set the parameters in an AWS CloudFormation launch URL?
AWS CLI list only the name of current running cloudformation stacks?
Cloudformation does not support create vpc links in apigateway
Standard formula to determine or calculate Cidr for VPC in AWS [closed]
Crontab in AWS CloudFormation Userdata
Way to access S3 Bucket's name from cloudformation/boto3?
Why doesn't a Retain DeletionPolicy in CloudFormation preserve a changed DynamoDB table?
Error creating BucketPolicy in CloudFormation yaml
Lambda backed custom resource cf template returns 'CREATE_FAILED'
Function not found after manually deleting a function in a SAM CloudFormation stack
Create AWS cache clusters in VPC with CloudFormation
Why is my CFN IAM role failing with "Missing required field Action"?
Terraform - Specifying multiple possible values for Variables
Error on run: Property validation failure: [Value of property {/Targets/0/Values} does not match type {Array}]
How can I invoke another lambda function also defined in AWS SAM template?
CodePipeline: How to reference nested CloudFormation Stacks from GitHub as Source

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!