How to use !ImportValue on a resource's Arn string in CloudFormation

Time:08-01

I am trying to import a resource's ARN string from another CloudFormation stack's output, but I get this error:

mapping values are not allowed here
  in "<unicode string>", line 22, column 28:
          Role: Fn::ImportValue: LocalLambdaExecRole.Arn
                               ^ (line: 22)

Stack 1 with the output:

Resources:
  LocalLambdaExecRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: LocalLambdaExecRole
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
Outputs:
  LocalLambdaExecRole:
    Description: Lambda Execution Role
    Value: !Ref LocalLambdaExecRole
    Export:
      Name: !Sub "${AWS::StackName}-LocalLambdaExecRole"

And in stack 2 I want to import the Arn from the LocalLambdaExecRole:

Resources:
  LogGroup:
    Type: "AWS::Logs::LogGroup"
    Properties:
      LogGroupName: "TestGroup"
  HtmlRendererFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: "TestLambda"
      Role: !ImportValue: LocalLambdaExecRole.Arn
      Runtime: python3.9
      Architectures:
        - arm64
      Handler: app.handler
      Timeout: 40
      MemorySize: 8000
      PackageType: Image
      Code:
          ImageUri: "123.dkr.ecr.eu-west-1.amazonaws.com/test:latest"
      VpcConfig:
        SecurityGroupIds:
          - sg-0e640b53f5ba70c4e
        SubnetIds:
          - subnet-037112f9a752f20c8
          - subnet-0abd66e55d4b9f967
          - subnet-053e223fd30ba07de

How do I properly import the LocalLambdaExecRole.Arn? I have a hard time wrapping my head around the syntax here.

CodePudding user response:

Instead of

  Role: !ImportValue: LocalLambdaExecRole.Arn

it should be:

  Role: !ImportValue LocalLambdaExecRole

and your output should be:

Outputs:
  LocalLambdaExecRole:
    Description: Lambda Execution Role
    Value: !GetAtt LocalLambdaExecRole.Arn
    Export:
      Name: !Sub "${AWS::StackName}-LocalLambdaExecRole"
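
An added example, not part of the original answer, showing both templates together with the import written against the full export name. Stack 1 exports under `${AWS::StackName}-LocalLambdaExecRole`, so the importing stack has to supply that whole string; the `RoleStackName` parameter is a hypothetical name introduced here to carry stack 1's name.

```yaml
# Two separate template files, shown together as two YAML documents.

# Stack 1 (producer): only the Outputs section changes.
Outputs:
  LocalLambdaExecRole:
    Description: Lambda Execution Role
    # !Ref on an AWS::IAM::Role returns the role name; the Lambda
    # Role property needs the ARN, so export the Arn attribute.
    Value: !GetAtt LocalLambdaExecRole.Arn
    Export:
      # The export name is prefixed with stack 1's own stack name.
      Name: !Sub "${AWS::StackName}-LocalLambdaExecRole"

---
# Stack 2 (consumer)
Parameters:
  RoleStackName:   # hypothetical parameter: the name stack 1 was deployed under
    Type: String

Resources:
  HtmlRendererFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: "TestLambda"
      # Long form Fn::ImportValue is used because the short form
      # !ImportValue cannot wrap a short-form !Sub.
      Role:
        Fn::ImportValue: !Sub "${RoleStackName}-LocalLambdaExecRole"
      PackageType: Image
      Code:
        ImageUri: "123.dkr.ecr.eu-west-1.amazonaws.com/test:latest"
```

While stack 2 imports the value, CloudFormation refuses to delete stack 1 or to change or remove that export, so the execution role cannot be swapped out from under the function by a producer-stack update.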