问题
In my template, I am passing a CommaDelimitedList of account ids as a parameter.
I am hoping to do some Fn::Join and/or Fn::Sub magic to transform the list as follow:
"Accounts" : {
"Type" : "CommaDelimitedList",
"Default" : "12222234,23333334,1122143234,..."
}
To be used in the template as a list `root` ARN's as :
[
"arn:aws:iam::12222234:root"
"arn:aws:iam::23333334:root"
"arn:aws:iam::1122143234:root"
]
Right now I am passing in the full ARNs, so it's working, but it is kluncky. However the CFN built in functions are proving very hard at doing this.
Any one have ready code for something like this?
回答1:
I was able to adapt the existing answer by Sam Hammamy to work around the limitation of requiring special handling for the first and last items by using Fn::Sub. You can also combine two of the Joins.
In YAML:
AWS: !Split
- ','
- !Sub
- 'arn:aws:iam::${inner}:root'
- inner: !Join
- ':root,arn:aws:iam::'
- Ref: "Accounts"
And in JSON:
"Fn::Split": [
",",
{
"Fn::Sub": [
"arn:aws:iam::${rest}:root",
{
"rest": {
"Fn::Join": [
":root,arn:aws:iam::",
{ "Ref": "Accounts" }
]
}
}
]
}
]
回答2:
The below works, but it has a strong limitation:
Because of the nature of the Fn::Join function, it places the delimitter between the elements of the list. Therefore the first and last element need special handing, as in:
"arn:aws:iam::xxxxx,yyyyy,zzzzzz,fffffff:root"
"Principal": {
"AWS":{
"Fn::Split" :
[",",
{"Fn::Join" : [",arn:aws:iam::",
{
"Fn::Split" :
[",",
{"Fn::Join" :
[":root,", {"Ref": "Accounts"}]}
]
}
]}
]
}
}
Not great, but better than previous.
来源:https://stackoverflow.com/questions/48950222/cloudformation-magic-to-generate-a-list-of-arns-from-a-list-of-account-ids