I would like to use jinja logic in my template:
---
AWSTemplateFormatVersion: 2010-09-09
Description: '{{ git_repository.after | truncate(8, end='') }} @ infra-lambda.git : roles/{{ lambda_name }}'
Resources:
{% if lambda_account == 'true' %}
  RoleToAssume:
    Type: AWS::IAM::Role
    Properties:
      RoleName: "infra-lambda-{{ lambda_name }}-LambdaRole-{{ shortname }}-{{ dtap }}"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "lambda.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
      Policies:
        - PolicyName: RoleToAssumeLambdaPolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:*:*:*
              - Effect: Allow
                Action:
                  - "cloudwatch:Get*"
                  - "cloudwatch:List*"
                  - "cloudwatch:Put*"
                Resource:
                  - "*"
              - Effect: Allow
                Action:
                  - "sts:AssumeRole"
                Resource:
                  - "*"
{% else %}
  RoleToBeAssumed:
    Type: AWS::IAM::Role
    Properties:
      RoleName: RoleToBeAssumed
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DefaultStatement
            Effect: "Allow"
            Principal:
              AWS:
                - "arn:aws:iam::{AWS_ACCOUNT}:role/lambda_assume"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: "DeleteCertificates"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - acm:DeleteCertificate
                  - acm:GetCertificate
                Action:
                  - acm:ListCertificates
                Resource: '*'
{% endif %}
I've already tried true without '' and instead of true is defined but still no success. The logic is pretty simple. In the inventory I have:
unused_certs:
enabled: true
lambda_account: true
If I have the above in the inventory only RoleToAssume and LambdaFunction resources should be created. If I don't have lambda_account set to true, only the resources after the else statement should be created. Any idea why only the resources after the else statement are being created by CloudFormation? I cannot use "when" in Ansible playbook because my repo is not constructed that way unfortunately.
The "pythonic" way to write the sentence is just:
{% if lambda_account %}
But you can still use true with lowercase, as stated in the jinja2 docs.
{% if lambda_account == true %}
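Added example (not part of the original question or answer): rendering the template's `if`/`else` skeleton with plain Jinja2 shows which role each condition from this page selects when `lambda_account` is a YAML boolean, a string, or unset. The `bool` filter registered here is a hypothetical stand-in for Ansible's filter of the same name, and all sample values are constructed.

```python
from jinja2 import Environment


def to_bool(value):
    """Stand-in for Ansible's `bool` filter (assumption: plain Jinja2 has none)."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "yes", "on", "1")


env = Environment()
env.filters["bool"] = to_bool

# The conditions discussed on this page, plus a normalised variant.
CONDITIONS = {
    "question": "lambda_account == 'true'",
    "answer_truthy": "lambda_account",
    "answer_literal": "lambda_account == true",
    "normalised": "lambda_account | bool",
}

# Constructed inputs: a YAML boolean, string values, and an unset variable.
CASES = {
    "bool True": {"lambda_account": True},
    "str 'true'": {"lambda_account": "true"},
    "str 'false'": {"lambda_account": "false"},
    "undefined": {},
}


def branch(condition, variables):
    """Return the name of the role the template would emit for these variables."""
    src = ("{% if " + condition + " %}RoleToAssume"
           "{% else %}RoleToBeAssumed{% endif %}")
    return env.from_string(src).render(**variables)


def matrix():
    """Evaluate every condition against every input case."""
    return {(name, case): branch(expr, variables)
            for name, expr in CONDITIONS.items()
            for case, variables in CASES.items()}


if __name__ == "__main__":
    for (name, case), role in matrix().items():
        print(f"{name:15} {case:12} -> {role}")
```

The bare truthiness test selects RoleToAssume for the string 'false', which matters here because that role carries `sts:AssumeRole` on `*`; the normalised form picks RoleToBeAssumed for that input.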