我正在尝试将从第一步创建的策略的资源添加到第二步。但是我无法从资源1到资源2引用arn。我尝试了!ref和getattr,两者都无法正常工作。有什么解决办法吗?
在我要执行的cloudformation模板下面。
Parameters:
AccountID:
Type: 'String'
Default: "123465646"
Description: "account id where the resources will be created"
Resources:
ssmPolicyEc2Manage:
Type: AWS::IAM::ManagedPolicy
Properties:
Description: "This policy will be attached to EC2 running ssm agent"
Path: "/"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action: "iam:PassRole"
Resource:
- !Join [ "", [ "arn:aws:iam::", !Ref AccountID, ":role/ssm_role_policy" ] ]
snsPolicyRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect : "Allow"
Principal:
Service :
- "ssm.amazonaws.com"
- "ec2.amazonaws.com"
Action:
- "sts:AssumeRole"
Path: "/"
ManagedPolicyArns:
- "HERE INCLUDE THE RESOURCE ARN CREATED FROM THE PREVIOUS RESOURCE I.E,ssmPolicyEc2Manage "
DependsOn: ssmPolicyEc2Manage
谢谢您的帮助。