I have a requirement wherein I have to create a CloudFormation stack set which will create an S3 bucket in multiple AWS regions.
But the problem here is that I want to whitelist an IP address in all the S3 buckets in all AWS regions, and this IP address will be different for each AWS region.
So, I have defined multiple parameters which will take an IP address from the users. Also, I have defined a condition for each AWS region. So, let's say the stack which is getting deployed via the stack set is in the us-east-1 region; then the condition for us-east-1 will return true. Now, I am using an "!If" statement in the S3 bucket policy so that if the stack is getting deployed in the us-east-1 region then that particular statement will be executed.
Below is the S3 bucket policy condition:
Condition:
  NotIpAddress:
    aws:SourceIp:
      # One !If per region; the non-matching ones are meant to drop out via AWS::NoValue
      - !If [IsUSEast1, !Ref S3IPAddressUSEast1ToWhitelist, !Ref "AWS::NoValue"]
      - !If [IsUSEast2, !Ref S3IPAddressUSEast2ToWhitelist, !Ref "AWS::NoValue"]
      - !If [IsUSWest1, !Ref S3IPAddressUSWest1ToWhitelist, !Ref "AWS::NoValue"]
      - !If [IsUSWest2, !Ref S3IPAddressUSWest2ToWhitelist, !Ref "AWS::NoValue"]
      - !If [IsEUCentral1, !Ref S3IPAddressEUCentral1ToWhitelist, !Ref "AWS::NoValue"]
      - !If [IsEUWest1, !Ref S3IPAddressEUWest1ToWhitelist, !Ref "AWS::NoValue"]
As you can see above, if the CloudFormation stack which is getting deployed is in the us-east-1 region then the 1st "!If" statement will be executed and it will use the "S3IPAddressUSEast1ToWhitelist" parameter. But this is not working in my case, and it seems that "aws:SourceIp" is only allowing one "!If" statement to execute. Also, I tried various other approaches like mappings, but there we cannot use the !Ref function to assign our parameters into mappings.
If anybody can help resolve this issue, I would be very glad.
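The following template is an added example, not the asker's template and not AWS-provided code. It keeps the asker's six parameter names and region conditions but selects the CIDR with a single nested Fn::If chain, which always resolves to exactly one value, so AWS::NoValue never has to appear as an element of the aws:SourceIp list. It also adds two things a practitioner would want in a Deny/NotIpAddress policy: the bucket policy excludes a break-glass role and the stack set execution role (the name AWSCloudFormationStackSetExecutionRole is the self-managed default and is an assumption, as is the BreakGlassRoleArn parameter), so the Deny cannot lock CloudFormation or an administrator out of the bucket from another IP.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not the asker's template). One bucket per region whose
  policy denies access unless the request comes from that region's CIDR.

Parameters:
  S3IPAddressUSEast1ToWhitelist:
    Type: String
    Description: CIDR allowed when the stack instance runs in us-east-1
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$
  S3IPAddressUSEast2ToWhitelist:
    Type: String
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$
  S3IPAddressUSWest1ToWhitelist:
    Type: String
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$
  S3IPAddressUSWest2ToWhitelist:
    Type: String
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$
  S3IPAddressEUCentral1ToWhitelist:
    Type: String
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$
  S3IPAddressEUWest1ToWhitelist:
    Type: String
    AllowedPattern: ^(\d{1,3}\.){3}\d{1,3}(/\d{1,2})?$
  BreakGlassRoleArn:
    # Assumed parameter: an admin role that keeps access from any IP.
    Type: String

Conditions:
  IsUSEast1: !Equals [!Ref "AWS::Region", us-east-1]
  IsUSEast2: !Equals [!Ref "AWS::Region", us-east-2]
  IsUSWest1: !Equals [!Ref "AWS::Region", us-west-1]
  IsUSWest2: !Equals [!Ref "AWS::Region", us-west-2]
  IsEUCentral1: !Equals [!Ref "AWS::Region", eu-central-1]
  # No IsEUWest1 condition: eu-west-1 is the final else branch below.

Resources:
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-${AWS::AccountId}-${AWS::Region}"
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  BucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref Bucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyUnlessFromRegionAllowedIP
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !GetAtt Bucket.Arn
              - !Sub "${Bucket.Arn}/*"
            Condition:
              NotIpAddress:
                # Exactly one list element: the chain resolves to one value.
                aws:SourceIp:
                  - !If
                    - IsUSEast1
                    - !Ref S3IPAddressUSEast1ToWhitelist
                    - !If
                      - IsUSEast2
                      - !Ref S3IPAddressUSEast2ToWhitelist
                      - !If
                        - IsUSWest1
                        - !Ref S3IPAddressUSWest1ToWhitelist
                        - !If
                          - IsUSWest2
                          - !Ref S3IPAddressUSWest2ToWhitelist
                          - !If
                            - IsEUCentral1
                            - !Ref S3IPAddressEUCentral1ToWhitelist
                            - !Ref S3IPAddressEUWest1ToWhitelist
              # Both condition blocks must match for the Deny to apply, so the
              # principals listed here keep access regardless of source IP.
              ArnNotEquals:
                aws:PrincipalArn:
                  - !Ref BreakGlassRoleArn
                  - !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/AWSCloudFormationStackSetExecutionRole"
```

Two caveats. First, because the last else branch falls through to the eu-west-1 parameter, restrict the stack set's target regions to these six, or a stack instance in any other region would silently get the eu-west-1 CIDR. Second, aws:SourceIp is only populated for requests that reach S3 over the public internet; requests through a VPC endpoint carry aws:VpcSourceIp instead and calls made on your behalf by another AWS service carry no source IP, so both would be denied by this statement unless you add further exceptions. An alternative that avoids the region-specific parameters entirely is to declare a single CIDR parameter and supply a different value per stack instance with `aws cloudformation create-stack-instances --parameter-overrides` (or `update-stack-instances`), which StackSets supports per account and region.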