Reference Role from UserData in YAML Cloudformation template

Question

I'm writing a cloudformation template in the 'new' YAML format and I'm not sure how to translate Ref statements that occur within the UserDate section. The data within userdata is a cloud-config for CoreOS containing unit files. The template works fine in JSON, but I don't know how to structure the Ref statement in YAML.

The top of my userdata section is as follows:

  UserData:
    Fn::Base64: 
      !Sub | 

This references a parameter, and it works fine

Environment=NRSYSMOND_license_key=${NewRelicLicenseKey}

This is supposed to reference the dynamic IAM role created by the template. CF doesn't seem to swap the value out with the ID of the Role

Environment=IAM_ROLE=${InstanceRole}

This causes an error in CoreOS because it cannot parse the variable meaning it wasn't swapped out

Environment=IAM_ROLE=${!Ref InstanceRole}

Is it not possible to reference objects such as Roles from the userdata section if they were created in the same CF template? Substitution works fine when using AWS::* resources, or when using parameters.

Answer 1

If you have the resource called InstanceRole as below:

Resources:
  InstanceRole:
    Type: "AWS::IAM::Role"
    Properties:
      etcetc

You should be able to do what you suggest, however you can also pass the Ref value into a variable to be substituted as below. A bit more explanation at the bottom of http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html

  UserData:
    Fn::Base64: 
      !Sub
      - |
        Environment=IAM_ROLE=${InstanceRole}
      - InstanceRole:
          Ref: InstanceRole

If you are giving the InstanceRole resource a name property and expecting that to be the value returned then that won't work, AFAIK