问题
I am building a stack to initialize a Cognito installation. As part of this I have setup user groups with associated roles. I need to set the Choose role from token option, allowing identities to use roles from the group(s) to which they are assigned.
This is done through the RoleMappings object in the IndentityPoolRoleAttachment object. This mappings object is a string -> object map, where the string represents the identity provider. In my case, this is:
cognito-idp.${some-region}.amazonaws.com/${some-userpool-id}:${some-pool-client-id}
Obviously, this needs to be dynamically built based on values in the stack, but I havent found a way to do this in a syntactically correct manner. Using Ref and Fn::Sub both result in syntactical errors. I have tried in both yaml and json syntax.
Am I missing something obvious?
来源:https://stackoverflow.com/questions/45107620/how-to-set-a-dynamic-rolemappings-key-for-a-indentitypoolroleattachment-in-cloud