0
votes

I have attached the sample to give you some clarity of what I am trying to solve.

AWSTemplateFormatVersion: '2010-09-09'
Description: Project Service Catalog get lambda data

Parameters:
  Environment:
    Type: String
    Description: Environment of the SageMaker
  
  ProjectId:
    Type: String
    Description: Project ID of the SageMaker

  SsmRoleLambdaArn:
    Type: AWS::SSM::Parameter::Value<String>
    Default: '/data-science/role-lambda/arn'
    Description: Arn to lookup Role of the Session using project id

Resources:
  IdentifyUserRole:
    Type: Custom::GetParam
    Properties:
      ServiceToken: !Ref SsmRoleLambdaArn
      pl_role: !Sub '${Environment}-sso-data-science-${ProjectId}-pl-role'
      ds_role: !Sub '${Environment}-sso-data-science-${ProjectId}-ds-role'

  KmsKey:
    Type: AWS::KMS::Key
    Properties:
      Description: !Sub 'Encryption for ${Environment}-${ProjectId}-${Prid}-${NotebookInstanceNameSuffix}'
      EnableKeyRotation: true
      Tags:
        - Key: Environment
          Value: !Ref Environment
        - Key: Owner
          Value: !Ref Owner
        - Key: ProjectId
          Value: !Ref ProjectId
        - Key: PrincipalId
          Value: !Sub
            - "${RoleId}:${Prid}"
            - RoleId:
                Fn::If: [!Equals [!GetAtt IdentifyUserRole.value, true], !GetAtt PORoleId.value, !GetAtt DSRoleId.value]

I am getting an error at the IF condition in the PrincipalId tag. Please help solve this condition with some sample templates. I can't use !GetAtt in the Conditions block as well because we are not supposed to use get attributes.

Error Message - During stack validation

An error occurred (ValidationError) when calling the ValidateTemplate operation: Template error: Fn::If requires a list argument with the first element being a condition

1
The above template is just a sample one. Don't need to debug the parameter errors, since I wanted to solve the IF condition. I know some parameters are missing here. - Arunachalam

1 Answer

0
votes

You can't hard code the condition in the If like you are attempting:

 Fn::If: [!Equals [!GetAtt IdentifyUserRole.value, true], !GetAtt PORoleId.value, !GetAtt DSRoleId.value]

The first argument must be a condition from the Conditions section (docs):

reference to a condition in the Conditions section.

Subsequently, you can't construct conditions based on GetAtt or any other resources from the Resources section.

The same docs also write:

You can only reference other conditions and values from the Parameters and Mappings sections of a template. For example, you can reference a value from an input parameter, but you cannot reference the logical ID of a resource in a condition.
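
An added example, not part of the original answer or the asker's template: the same PrincipalId tag with Fn::If driven by a named condition, which is the form the validator accepts. The parameters `UseProjectLeadRole`, `PORoleId`, `DSRoleId` and the condition name `IsProjectLead` are assumptions made for illustration; `Prid` is declared here only because the question's sample references it.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Added example, Fn::If selecting a tag value through a named condition'

Parameters:
  Environment:
    Type: String
  ProjectId:
    Type: String
  Prid:
    Type: String
  # Hypothetical parameter: the caller states which role applies,
  # because a condition may only read Parameters and Mappings.
  UseProjectLeadRole:
    Type: String
    AllowedValues: ['true', 'false']
    Default: 'false'
  # Hypothetical parameters carrying the two candidate role IDs.
  PORoleId:
    Type: String
  DSRoleId:
    Type: String

Conditions:
  # Declared once here and evaluated before any resource is created.
  IsProjectLead: !Equals [!Ref UseProjectLeadRole, 'true']

Resources:
  KmsKey:
    Type: AWS::KMS::Key
    Properties:
      Description: !Sub 'Encryption for ${Environment}-${ProjectId}-${Prid}'
      EnableKeyRotation: true
      Tags:
        - Key: Environment
          Value: !Ref Environment
        - Key: ProjectId
          Value: !Ref ProjectId
        - Key: PrincipalId
          Value: !Sub
            - '${RoleId}:${Prid}'
            # The first element of Fn::If is the condition NAME,
            # not an inline !Equals or any other intrinsic function.
            - RoleId: !If [IsProjectLead, !Ref PORoleId, !Ref DSRoleId]
```

If the choice really depends on what the custom resource returns, the selection has to happen inside the Lambda behind it, which then returns the already-chosen role ID as a single attribute that the tag reads with !GetAtt and no Fn::If.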