I want this resource to work with the !Sub (or Fn::Sub) intrinsic function:
Resource: !Sub 'arn:aws:iam::${AWS::AccountId}:user/${aws:username}'
The aws:username is a policy variable that mustn't be replaced.
One solution would be to use Fn::Join instead and write a bit more boilerplate code.
Better: Can you escape the ${aws:username} so that !Sub will work here? Unfortunately, the documentation does not mention anything about escaping.
Fn::Sub. The intrinsic function Fn::Sub substitutes variables in an input string with values that you specify. In your templates, you can use this function to construct commands or outputs that include values that aren't available until you create or update a stack.
You actually can escape $ characters with ${!}.
So your resource would look like this:
Resource: !Sub 'arn:aws:iam::${AWS::AccountId}:user/${!aws:username}'
It is mentioned in the docs under the string parameter section.
To write a dollar sign and curly braces (${}) literally, add an exclamation point (!) after the open curly brace, such as ${!Literal}. AWS CloudFormation resolves this text as ${Literal}.
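A pre-deployment check for the situation in this thread, as an added example that is not part of the original question or answer: it finds IAM policy variables left unescaped inside an Fn::Sub string, rewrites them to the `${!...}` form, and models the literal rule quoted above. The function names are hypothetical, and the "single colon means policy variable" heuristic is an assumption that goes beyond the `aws:username` case on the page (pseudo parameters such as `AWS::AccountId` use a double colon).

```python
import re

# ${Name} is an Fn::Sub variable; ${!Name} is the literal form quoted from the docs.
PLACEHOLDER = re.compile(r"\$\{(!?)([^}]*)\}")

# Assumption (heuristic): IAM policy variables look like "prefix:key" with a
# single colon (aws:username), while pseudo parameters use "::" (AWS::AccountId).
POLICY_VAR = re.compile(r"^[A-Za-z0-9-]+:[^:]")


def unescaped_policy_vars(sub_string):
    """Return policy variables that Fn::Sub would try to substitute."""
    return [
        m.group(2)
        for m in PLACEHOLDER.finditer(sub_string)
        if not m.group(1) and POLICY_VAR.match(m.group(2))
    ]


def escape_policy_vars(sub_string):
    """Rewrite ${prefix:key} to ${!prefix:key}; leave everything else untouched."""
    def fix(m):
        bang, name = m.groups()
        if not bang and POLICY_VAR.match(name):
            return "${!" + name + "}"
        return m.group(0)
    return PLACEHOLDER.sub(fix, sub_string)


def render_literals(sub_string):
    """Model only the literal rule: ${!Name} becomes ${Name}.
    Real variables such as ${AWS::AccountId} are left for CloudFormation."""
    def literal(m):
        return "${" + m.group(2) + "}" if m.group(1) else m.group(0)
    return PLACEHOLDER.sub(literal, sub_string)


if __name__ == "__main__":
    # The Resource string from the question.
    question = "arn:aws:iam::${AWS::AccountId}:user/${aws:username}"
    print("unescaped:", unescaped_policy_vars(question))
    fixed = escape_policy_vars(question)
    print("escaped:  ", fixed)
    print("IAM sees: ", render_literals(fixed))
```
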