Intrinsic Functions with inline policies results in base64 output

[razor-1]

I'm trying to build a stack similar to what is outlined here. Most of it is working great in goformation, but it seems like it's not possible to embed an inline policy along with intrinsic functions.

What I'm specifically trying to do is add a DestinationPolicy to an AWSLogsDestination. This policy is comprised of the escaped JSON and intrinsic functions. From the above link:

"DestinationPolicy": { "Fn::Join" : ["",[
		"{\"Version\" : \"2012-10-17\",\"Statement\" : [{\"Effect\" : \"Allow\",",
                " \"Principal\" : {\"AWS\" : \"", {"Ref":"SourceAccount"} ,"\"},",
                "\"Action\" : \"logs:PutSubscriptionFilter\",",
                " \"Resource\" : \"", 
                {"Fn::Join": [ "", [ "arn:aws:logs:", { "Ref": "AWS::Region" }, ":" ,{ "Ref": "AWS::AccountId" }, ":destination:",{ "Ref" : "AWS::StackName" },"-Destination" ] ]}  ,"\"}]}"
]]}

But despite various ways of invoking cloudformation.Join(), whenever JSON is passed in, DestinationPolicy ends up getting rendered in the output as base64.

[rhyselsmore]

I am also encountering this issue. I am yet to find a workaround.

[rhyselsmore]

My workaround is super crude, but basically I declare my Log Destination like so:

logDestination := &resources.AWSLogsDestination{
	RoleArn:         cfn.Sub("${LogsRole.Arn}"),
	TargetArn:       cfn.Sub("${Stream.Arn}"),
	DestinationName: "cloudtrail",
	DestinationPolicy: cfn.Sub("${LogDestinationPolicyPlaceholder}"),
}

Then, after the template is rendered, I run:

t = strings.Replace(t, "${LogDestinationPolicyPlaceholder}", destinationPolicy, 1)

Where destinationPolicy is the policy JSON. However, big caveat - I have to wrap destinationPolicy with single quotes. Not sure how this goes if the policy document contains single quotes - however until this is fixed it works fine for me.

Like I said - super crude, and super brittle, but gets me moving along.