问题
I want this resource to work with the !Sub (or Fn::Sub) intrinsic function
Resource: !Sub 'arn:aws:iam::${AWS::AccountId}:user/${aws:username}'
The aws:username is a pollicy variable that mustn't be replaced.
One solution would be to use Fn::Join instead and write a bit more boilerplate code.
Better: Can you escape the ${aws:username} so that !Sub will work here? Unfortunately, the documentation does not mention anything about escaping.
回答1:
You actually can escape "$" characters with "${!}".
So your resource would look like this:
Resource: !Sub 'arn:aws:iam::${AWS::AccountId}:user/${!aws:username}'
It is mentioned in the docs under the string parameter section.
To write a dollar sign and curly braces (${}) literally, add an exclamation point (!) after the open curly brace, such as ${!Literal}. AWS CloudFormation resolves this text as ${Literal}.
来源:https://stackoverflow.com/questions/44458304/how-to-escape-in-cloudformations-fnsub