I'm trying to create a CloudFormation stack for AWS Config service using ServiceLinkedRole for Config, however I have no idea how to refer to ARN of created AWS Config role in the same CloudFormation template, this is the config snippet:
AWSServiceLinkedRoleForConfig:
Type: 'AWS::IAM::ServiceLinkedRole'
Properties:
AWSServiceName: config.amazonaws.com
Description: AWS Config Service Linked role
ConfigRecorder:
Type: AWS::Config::ConfigurationRecorder
Properties:
Name: AWSConfigForTest
RecordingGroup:
ResourceTypes:
- "AWS::EC2::SecurityGroup"
RoleARN: ??
I've tried below formats:
RoleARN: !Ref "AWSServiceLinkedRoleForConfig"
The role arn passed 'AWSServiceRoleForConfig' is not valid. (Service: AmazonConfig; Status Code: 400; Error Code: InvalidRoleException; )
RoleARN: !Ref "AWSServiceLinkedRoleForConfig.Arn"
Template format error: Unresolved resource dependencies [AWSServiceLinkedRoleForConfig.Arn] in the Resources block of the template
According to the below cheatsheet there are no outputs ARN for ServiceLinkedRole resource: https://theburningmonk.com/cloudformation-ref-and-getatt-cheatsheet/
If this is the case how can I refer to ARN for this role in CloudFormation template file?
