
My end goal is to create a policy document from a CloudFormation script. I want to have one script where the parameter is selected and that value is used in the name of the resource.

"arn:aws:dynamodb:us-east-1:12345678:table/monit-${dev}/stream/*"

where ${dev} is a parameter value

    Parameters:
      Environment:
        Default: dev
        Description: Leveraged for environment tagging.
        Type: String
        AllowedValues:
          - dev
          - tst
          - qa
          - stg
          - prd

I want to try something like the following but don't know how to add the Ref Environment from the parameter or is there some other method?

'Fn::Sub': 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}'

So I don't end up having to create a bunch of different scripts.

    PolicyDocument:
      Statement:
      - Effect: Allow
        Action:
        - dynamodb:DescribeStream
        - dynamodb:GetRecords
        - dynamodb:GetShardIterator
        - dynamodb:ListStreams
        - dynamodb:Scan
        # This will need to be changed for other tables
        Resource:
          - "arn:aws:dynamodb:us-east-1:12345678:table/monit-dev/stream/*"
          - "arn:aws:dynamodb:us-east-1:12345678:table/monit-dev"

1 Answers


If I understood you correctly, you can use Fn::Join to add the "Environment" value. You don't use Ref of the value itself.

The intrinsic function Ref returns the value of the specified parameter or resource.

When you specify a parameter's logical name, it returns the value of the parameter. When you specify a resource's logical name, it returns a value that you can typically use to refer to that resource, such as a physical ID.

JSON example:

    "CustomInstanceProfileArn": {
      "Fn::Join": [
        "", ["arn:aws:iam::", {
            "Ref": "AWS::AccountId"
          },
          ":instance-profile/", {
            "Ref": "InstanceProfile"
          }
        ]
      ]
    },

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html
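
The policy from the question with the environment taken from the parameter, as an added example that is not part of the original question or answer. The logical name `MonitStreamReaderPolicy` and the choice of `AWS::IAM::ManagedPolicy` are assumptions; the first ARN uses `Fn::Sub` and the second builds the same kind of string with `Fn::Join` and `Ref`.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - DynamoDB stream policy scoped to one environment's table.

Parameters:
  Environment:
    Type: String
    Default: dev
    Description: Leveraged for environment tagging.
    # AllowedValues restricts the parameter to these literals, so a caller
    # cannot pass something like "*" and widen the ARN below.
    AllowedValues:
      - dev
      - tst
      - qa
      - stg
      - prd

Resources:
  MonitStreamReaderPolicy:          # hypothetical logical name
    Type: AWS::IAM::ManagedPolicy   # assumed resource type for a stand-alone policy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - dynamodb:DescribeStream
              - dynamodb:GetRecords
              - dynamodb:GetShardIterator
              - dynamodb:ListStreams
              - dynamodb:Scan
            Resource:
              # Fn::Sub substitutes pseudo parameters and template parameters
              # by name, so ${Environment} needs no separate Ref.
              - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/monit-${Environment}/stream/*'
              # Equivalent construction with Fn::Join and Ref.
              - !Join
                - ''
                - - 'arn:aws:dynamodb:'
                  - !Ref AWS::Region
                  - ':'
                  - !Ref AWS::AccountId
                  - ':table/monit-'
                  - !Ref Environment
```

Deploying the stack with `Environment=prd` yields ARNs for `monit-prd` only, so each environment's policy stays scoped to its own table and stream.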