I have an IAM role with existing managed policies, and I need to add more managed policies to it via a parameter, since they're dynamic per stack.
Here's what I tried/want, but it doesn't work. The CloudFormation event error is "Value of property ManagedPolicyArns must be of type List of String". I take that to mean that the Split doesn't append to the array but rather adds one item to the array that is itself an array.

    Parameters:
      StackManagedPolicyArns:
        Description: Comma separated, dynamic list of ARNs passed in when deploying
        Type: String
    Resources:
      MyRole:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !Sub "${AWS::StackName}"
          ManagedPolicyArns:
            - Fn::ImportValue: !Sub "${Namespace}-common-policy"
            - Fn::Split:
                - ','
                - !Ref StackManagedPolicyArns

How can I accomplish this?
CodePudding user response:
Things like that in CFN are a bit tricky. But you can first join everything into one large string, and then split it into an array. This requires a combo of the Join and Split functions:

    Resources:
      MyRole:
        Type: AWS::IAM::Role
        Properties:
          RoleName: !Sub "${AWS::StackName}"
          ManagedPolicyArns:
            Fn::Split:
              - ','
              - Fn::Join:
                  - ","
                  - - Fn::ImportValue: !Sub "${Namespace}-common-policy"
                    - Fn::Join:
                        - ","
                        - !Split [',', !Ref StackManagedPolicyArns]
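
The following is an added example, not code from the question or the answer: a small Python model of the four intrinsics used above, showing why the question's template yields a nested list while the Join-then-Split form yields a flat one, plus a pre-deploy check that every entry is a managed policy ARN string. The account ID, policy names, export name `demo-common-policy`, and the helper names `resolve` and `check_managed_policy_arns` are constructed for illustration.

```python
import re

# Constructed sample values (assumptions, not from the original post).
ACCT = "arn:aws:iam::123456789012:policy/"
PARAMS = {"StackManagedPolicyArns": f"{ACCT}app-read,{ACCT}app-queue"}
EXPORTS = {"demo-common-policy": f"{ACCT}common"}
# Comma is excluded from the name because it is the list delimiter here.
ARN_RE = re.compile(r"arn:aws[a-z-]*:iam::(\d{12}|aws):policy/[\w+=.@/-]+")

IMPORT = {"Fn::ImportValue": "demo-common-policy"}  # stands in for the !Sub name
SPLIT = {"Fn::Split": [",", {"Ref": "StackManagedPolicyArns"}]}
QUESTION = [IMPORT, SPLIT]  # the question's ManagedPolicyArns value
ANSWER = {"Fn::Split": [",", {"Fn::Join": [",", [IMPORT,
          {"Fn::Join": [",", SPLIT]}]]}]}  # the answer's value


def resolve(node):
    """Evaluate the small subset of intrinsics used in the two templates."""
    if isinstance(node, list):
        return [resolve(n) for n in node]
    if isinstance(node, dict) and len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref":
            return PARAMS[arg]
        if fn == "Fn::ImportValue":
            return EXPORTS[resolve(arg)]
        if fn == "Fn::Split":
            sep, text = resolve(arg)
            return text.split(sep)
        if fn == "Fn::Join":
            sep, parts = resolve(arg)
            return sep.join(parts)
    return node


def check_managed_policy_arns(value):
    """Return a list of problems; empty means a flat list of policy ARN strings."""
    if not isinstance(value, list):
        return ["not a list"]
    problems = []
    for i, item in enumerate(value):
        if not isinstance(item, str):
            problems.append(f"item {i} is {type(item).__name__}, not a string")
        elif not ARN_RE.fullmatch(item):
            problems.append(f"item {i} is not a managed policy ARN: {item!r}")
    return problems
```

The same check also catches a parameter passed as `a, b` with a space after the comma, since Split keeps the leading space in the second ARN.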