I'm new to using the modules feature from AWS Cloudformation. I have registered the following simple IAM role fragment using the Cloudformation CLI to test things out.
ORG::IAM:Role::MODULE
AWSTemplateFormatVersion: '2010-09-09'
Description: A module wrapping a IAM Role.
Parameters:
RoleName:
Description: Name for the IAM role
Type: String
RoleDescription:
Description: Description for the IAM role
Type: String
ManagedPolicyArns:
Description: Managed policy ARNs for the IAM role
Type: List<String>
RolePolicy:
Description: Policy for the IAM role
Type: List<String>
RoleService:
Description: Service for the IAM role
Type: String
Resources:
Role:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
Effect: Allow
Principal:
Service:
- !Ref RoleService
Action:
- sts:AssumeRole
Description: !Ref RoleDescription
RoleName: !Ref RoleName
Policies: !Ref RolePolicy
ManagedPolicyArns: !Ref ManagedPolicyArns
This works as expected, but when I use this module inside a new CF template, as seen below, I get the following error:
ORG::Glue::Crawler::MODULE
AWSTemplateFormatVersion: '2010-09-09'
Description: A module wrapping a Glue Crawler.
Parameters:
CrawlerName:
Description: Name for the crawler
Type: String
DatabaseName:
Description: Name of the database to crawl
Type: String
S3Target:
Description: Target S3 bucket to crawl
Type: String
TablePrefix:
Description: Prefix for the tables
Type: String
Resources:
GlueCrawler:
Type: AWS::Glue::Crawler
Properties:
Name: !Ref CrawlerName
Role: "arn:aws:iam::XXXXXXXXXXXX:role/mock-bronze-crawler-role"
DatabaseName: !Ref DatabaseName
Targets:
S3Targets:
- Path: !Sub "s3://${S3Target}"
TablePrefix: !Ref TablePrefix
SchemaChangePolicy:
UpdateBehavior: "UPDATE_IN_DATABASE"
DeleteBehavior: "LOG"
CrawlerRole:
Type: AG::IAM::Role::MODULE
Properties:
RoleName: !Sub "${CrawlerName}_role"
RoleDescription: !Sub "IAM role for ${CrawlerName} Glue Crawler"
ManagedPolicyArns:
['arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole']
RolePolicy:
- PolicyName: !Sub "${CrawlerName}Policy"
PolicyDocument:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Action:
- "s3:GetObject"
- "s3:PutObject"
Resource:
- !Sub 'arn:aws:s3:::${S3Target}*'
RoleService: "glue.amazonaws"
ERROR:
CloudFormation failed to preprocess the stack: Template format error: Unresolved resource dependencies [CrawlerRoleCrawlerName, CrawlerRoleS3Target] in the Resources block of the template. Rollback requested by user.
It seems to concatenate the template resource and parameter names together and expects it as a new parameter. Any help would be greatly appreciated!