[SOLVED] Cloudformation: Create array of log ARNs from comma delimited list of log names – Stack Overflow

Issue

This Content is from Stack Overflow. Question asked by Jan Garaj

I have parameter LogNames – comma delimited list of log names:

  LogNames:
    Type: String
    Default: >-
      /aws/my-custom-log-1,/aws/my-custom-log-1

I want to use it in the IAM policy definition – Resource field:

Resource:
  <array of allowed log ARNs created from LogNames parameter>

Any idea how to use functions e.g. Split, Join, Sub, … to generate correct array of log ARNs? Single log ARN have syntax:

- !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:${LogName}:*'



Solution

Its not possible without a macro or a custom resource. The only way to do it without these, is to hardcode your region and accountid and use combo of Split, Join, Sub:

Parameters:
  LogNames:
    Type: CommaDelimitedList
    Default: >-
      /aws/my-custom-log-1,/aws/my-custom-log-2,/aws/my-custom-log-3

Resource:
          !Split:
            - ","
            - !Sub
                - "arn:aws:logs:us-east-1:234234234234:log-group:${logname}"
                - logname: !Join
                          - ",arn:aws:logs:us-east-1:234234234234:log-group:"
                          - !Ref LogNames


This Question was asked in StackOverflow by Jan Garaj and Answered by Marcin It is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.

people found this article helpful. What about you?