I keep hitting a circular dependency error in my CloudFormation template. I believe to get around this one needs to separate the dependency into a different resource, but in my case I just want to add the ARN of the role I am creating into the in-policy.
Below is one of the actions I want to add to the policy on this role:
    Resources:
      SSMHostMgmtRole:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Statement:
              - Action:
                  - sts:AssumeRole
                Effect: Allow
                Principal:
                  Service:
                    - ssm.amazonaws.com
            Version: '2012-10-17'
          Path: "/"
          Policies:
            - PolicyDocument:
                Statement:
                  - Action:
                      - iam:PassRole
                    Effect: Allow
                    # Self-reference: the role's own policy needs the role's ARN
                    Resource: !GetAtt SSMHostMgmtRole.Arn
              PolicyName: !Sub ${AWS::StackName}-${AWS::Region}-Example
          RoleName: !Sub ${AWS::StackName}-${AWS::Region}-HostMgmtRole
Can someone help me point out the changes to eliminate the circular dependency and get the template to work?
CodePudding user response:
You need to break the circular dependency by manually creating the ARN. Replace:
    Resource: !GetAtt SSMHostMgmtRole.Arn
with
    Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/${AWS::StackName}-${AWS::Region}-HostMgmtRole
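A check for this class of error before deploying, as an added example that is not part of the original question or answer: it walks a template in JSON-style form (intrinsics spelled out as `Ref`, `Fn::GetAtt`, `Fn::Sub`), builds the resource dependency graph and reports cycles, which generalizes the self-reference above to cycles across several resources. The names `role_template`, `references` and `find_cycles` are hypothetical, the sample template is constructed from the one in the question, and `DependsOn` edges are not modelled.

```python
import re

SUB_VAR = re.compile(r"\$\{([^!}][^}]*)\}")  # ${Name} / ${Name.Attr}; ${!Literal} is skipped

def role_template(passrole_resource):
    """Constructed sample: the question's role in JSON-style form (intrinsics spelled out)."""
    statement = {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": passrole_resource}
    return {"Resources": {"SSMHostMgmtRole": {"Type": "AWS::IAM::Role", "Properties": {
        "RoleName": {"Fn::Sub": "${AWS::StackName}-${AWS::Region}-HostMgmtRole"},
        "Policies": [{"PolicyName": "Example", "PolicyDocument": {"Statement": [statement]}}]}}}}

def references(node, names):
    """Yield logical IDs that node reaches through Ref, Fn::GetAtt or Fn::Sub."""
    if isinstance(node, list):
        for item in node:
            yield from references(item, names)
    elif isinstance(node, dict):
        for key, val in node.items():
            found = []
            if key == "Ref":
                found = [val]
            elif key == "Fn::GetAtt":
                found = [val[0] if isinstance(val, list) else val.split(".")[0]]
            elif key == "Fn::Sub":
                text, local = val if isinstance(val, list) else (val, {})
                found = [v.split(".")[0] for v in SUB_VAR.findall(text) if v not in local]
            yield from (name for name in found if name in names)
            yield from references(val, names)  # nested intrinsics and Sub variable maps

def find_cycles(template):
    """Return each dependency cycle among Resources as a list of logical IDs."""
    resources = template.get("Resources", {})
    graph = {name: set(references(body, resources)) for name, body in resources.items()}
    cycles, state = [], {}
    def visit(name, path):
        state[name] = "open"
        for dep in sorted(graph[name]):
            if state.get(dep) == "open":  # back edge: dep is on the current path
                cycles.append(path[path.index(dep):] + [dep])
            elif dep not in state:
                visit(dep, path + [dep])
        state[name] = "done"
    for name in sorted(graph):
        if name not in state:
            visit(name, [name])
    return cycles

BROKEN = role_template({"Fn::GetAtt": ["SSMHostMgmtRole", "Arn"]})
FIXED = role_template({"Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/"
                                  "${AWS::StackName}-${AWS::Region}-HostMgmtRole"})
```

`find_cycles(BROKEN)` reports the role depending on itself, while `find_cycles(FIXED)` is empty because the `!Sub` string uses only pseudo parameters. The literal ARN matches the role only because the template sets `Path` to "/"; with a non-root path, the path becomes part of the role ARN.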