amazon-cloudformation - 参考从先前资源创建的 arn

问题描述

我正在尝试将第一步创建的策略的资源 arn 添加到第二步。但我无法将资源一中的 arn 引用到资源二。我尝试使用！ref 和 getattr，两者都不起作用。有什么解决办法吗？

在我尝试执行的 cloudformation 模板下方。

    Parameters: 
      AccountID: 
        Type: 'String'
        Default: "123465646"
        Description: "account id where the resources will be created"
    Resources:
      ssmPolicyEc2Manage: 
        Type: AWS::IAM::ManagedPolicy
        Properties: 
          Description: "This policy will be attached to EC2 running ssm agent"
          Path: "/"
          PolicyDocument: 
          Version: "2012-10-17"
          Statement: 
            - 
              Effect: "Allow"
              Action: "iam:PassRole"
              Resource: 
                  - !Join [ "", [ "arn:aws:iam::", !Ref AccountID, ":role/ssm_role_policy" ] ]

      snsPolicyRole:
        Type: AWS::IAM::Role
        Properties:    
          AssumeRolePolicyDocument: 
            Version: "2012-10-17"
            Statement:
              -
                Effect : "Allow"
                Principal:
                  Service :
                    - "ssm.amazonaws.com"
                    - "ec2.amazonaws.com"
                Action:
                    - "sts:AssumeRole"
          Path: "/"
          ManagedPolicyArns:
            - "HERE INCLUDE THE RESOURCE ARN CREATED FROM THE PREVIOUS RESOURCE I.E,ssmPolicyEc2Manage "
        DependsOn: ssmPolicyEc2Manage

谢谢您的帮助。

标签： amazon-cloudformation