AWS CFT How to append list parameter to list of static string options

Time:12-03

Trying to create a bucket policy which will allow same-account roles and cross-account roles.

Here CicdDeploymentRoleArn is a list of cross account role arns.

Parameters:
  CicdDeploymentRoleArn:
    Type: CommaDelimitedList
    Description: >-
      The ARN of the CICD deployment role that will need access to the S3
    Default: >-
      arn:aws:iam::xxx:role/preprod,arn:aws:iam::xxx:role/prod
Resources:
  InfraBucketPolicy:
    Properties:
      Bucket: !Ref InfraBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action:
              - "s3:*"
            Effect: Allow
            Principal:
              AWS:
                - !Sub "arn:aws:iam::${AWS::AccountId}:role/human-role/PowerUser2"
                - !Ref CicdDeploymentRoleArn # How to refer list here ?
            Resource:
              - !Join [ "", [ !GetAtt InfraBucket.Arn, "/*" ] ]
    Type: "AWS::S3::BucketPolicy"

CodePudding user response:

You can do this with a combination of Split and Join (have to be careful about indentation):

  InfraBucketPolicy:
    Properties:
      Bucket: !Ref InfraBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action:
              - "s3:*"
            Effect: Allow
            Principal:
              AWS:
                !Split
                   - ","
                   - !Join
                      - ","
                      - - !Sub "arn:aws:iam::${AWS::AccountId}:role/human-role/PowerUser2"
                        - !Join [",", !Ref CicdDeploymentRoleArn]
            Resource:
              - !Join [ "", [ !GetAtt InfraBucket.Arn, "/*" ] ]
    Type: "AWS::S3::BucketPolicy"
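The reason the Join-then-Split trick is needed is that a `CommaDelimitedList` parameter resolves to a list, so placing `!Ref` directly inside the `AWS:` list would produce a nested list rather than the flat list of strings a `Principal` requires. The following Python script is an added example, not part of the original question or answer: it evaluates the answer's `Principal` expression (written in the JSON long form of the intrinsic functions) with a minimal resolver for `Ref`, `Fn::Sub`, `Fn::Join` and `Fn::Split`, shows the flat list it produces, contrasts it with the naive nested result, and flags any entry that is not a well-formed IAM role ARN (an empty string from a trailing comma, or a `*`) before the policy is ever deployed. The account id and role ARNs are constructed sample values.

```python
"""Minimal resolver for the CloudFormation intrinsics used in the answer.

Added example, not from the original post. It evaluates a Principal expression
written in the JSON long form of the YAML short tags so the effect of
Join-then-Split on a mixed list of literals and a CommaDelimitedList
parameter can be checked locally.
"""
import re

# Constructed sample values; the account ids and role ARNs are placeholders.
SAMPLE_PARAMETERS = {
    # A CommaDelimitedList parameter arrives already split into a list.
    "CicdDeploymentRoleArn": [
        "arn:aws:iam::111111111111:role/preprod",
        "arn:aws:iam::222222222222:role/prod",
    ],
}
SAMPLE_PSEUDO = {"AWS::AccountId": "123456789012"}

POWER_USER = {"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/human-role/PowerUser2"}

# JSON form of the answer's Principal.AWS value:
#   !Split [",", !Join [",", [ !Sub "...", !Join [",", !Ref CicdDeploymentRoleArn] ]]]
PRINCIPAL_EXPR = {
    "Fn::Split": [
        ",",
        {"Fn::Join": [
            ",",
            [POWER_USER, {"Fn::Join": [",", {"Ref": "CicdDeploymentRoleArn"}]}],
        ]},
    ]
}

# The question's original attempt: a Ref to a list parameter inside a list.
NAIVE_EXPR = [POWER_USER, {"Ref": "CicdDeploymentRoleArn"}]

# Well-formed IAM role ARN: 12-digit account id and a role path/name.
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def resolve(node, parameters, pseudo):
    """Recursively evaluate Ref, Fn::Sub, Fn::Join and Fn::Split."""
    if isinstance(node, list):
        return [resolve(n, parameters, pseudo) for n in node]
    if not isinstance(node, dict):
        return node  # plain scalar
    if len(node) != 1:
        raise ValueError(f"intrinsic must have exactly one key: {node}")
    (fn, arg), = node.items()
    if fn == "Ref":
        return pseudo[arg] if arg in pseudo else parameters[arg]
    if fn == "Fn::Sub":
        # String form only; ${Name} comes from pseudo params or parameters.
        def lookup(m):
            name = m.group(1)
            return pseudo[name] if name in pseudo else parameters[name]
        return re.sub(r"\$\{([^}]+)\}", lookup, arg)
    if fn == "Fn::Join":
        delim, items = arg
        items = resolve(items, parameters, pseudo)
        if not all(isinstance(i, str) for i in items):
            raise ValueError("Fn::Join needs a list of strings; it does not flatten")
        return delim.join(items)
    if fn == "Fn::Split":
        delim, source = arg
        return resolve(source, parameters, pseudo).split(delim)
    raise ValueError(f"unsupported intrinsic {fn}")


def resolve_principals(expr=PRINCIPAL_EXPR, parameters=SAMPLE_PARAMETERS,
                       pseudo=SAMPLE_PSEUDO):
    """Flat list of principal strings produced by the answer's expression."""
    return resolve(expr, parameters, pseudo)


def naive_principals(parameters=SAMPLE_PARAMETERS, pseudo=SAMPLE_PSEUDO):
    """What the question's direct !Ref would yield: a list containing a list."""
    return resolve(NAIVE_EXPR, parameters, pseudo)


def invalid_principals(principals):
    """Entries that are not well-formed role ARNs (e.g. '' or '*')."""
    return [p for p in principals if not isinstance(p, str) or not ROLE_ARN.match(p)]


if __name__ == "__main__":
    flat = resolve_principals()
    for p in flat:
        print(p)
    print("invalid:", invalid_principals(flat))
    print("naive result:", naive_principals())
```

Running the script prints the three role ARNs as a flat list and an empty `invalid` list; the naive result shows the second element as a nested list, which is exactly what the Join/Split pair avoids. The validity check is worth keeping in a pre-deploy lint because an empty parameter or a stray trailing comma would otherwise surface only as a stack failure, and a `*` in a Principal list would silently grant the bucket to everyone.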