In many cases IAM Policy templates use template strings that are then filled in at compile time. In their raw template state they won't validate successfully against AWS APIs.
It would be useful to inject values for Policy Template strings used in the following IaC tools:
terraform templatefile (interpolation, not directives)
cloudformation (!Sub function)
They both have the same interpolation syntax, ${key}.
CloudFormation has some builtin PseudoParameters like ${AWS::Region} as well.
As a first pass the templating context should require the literal String use within the interpolation, so the lookup will always be a str -> str. Won't support looking up against an object.
What about Conditionals in terraform?
https://www.terraform.io/language/configuration-0-11/interpolation#conditionals
We believe conditionals should be evaluated outside of the scope of a Policy template.
The context, a simple str -> str map, should be supplied when iam-sarif-report is called. This should be from either a file or command line parameters.
Policy Variables
IAM supports its own interpolation too using Policy Variables
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-wheretouse
any render would have to be to avoid interpolation of these
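One way to implement the rendering step proposed above, as an added example and not code from iam-sarif-report: a literal str -> str substitution of ${key} that leaves IAM policy variables untouched and reports keys missing from the context. The function name, the policy-variable heuristic (single colon versus CloudFormation's double colon) and the sample template and context are assumptions made for illustration; escape sequences are not handled.

```python
import json
import re

# Matches ${...}; the key is taken literally (str -> str lookup, no object access).
PLACEHOLDER = re.compile(r"\$\{([^{}]*)\}")

# Assumed heuristic for IAM policy variables: "prefix:name" with a single colon
# (e.g. aws:username, s3:prefix) or the special forms ${*}, ${?}, ${$}.
# CloudFormation pseudo parameters use a double colon (AWS::Region) and do not match.
POLICY_VARIABLE = re.compile(r"^(?:[*?$]|[A-Za-z0-9-]+:(?!:).+)$")


def render_policy_template(template: str, context: dict[str, str]) -> tuple[str, list[str]]:
    """Return (rendered text, sorted list of keys missing from context)."""
    missing: set[str] = set()

    def substitute(match: re.Match) -> str:
        key = match.group(1).strip()
        if POLICY_VARIABLE.match(key):
            return match.group(0)      # IAM resolves this at request time
        if key in context:
            return context[key]
        missing.add(key)
        return match.group(0)          # leave visible so validation fails loudly

    return PLACEHOLDER.sub(substitute, template), sorted(missing)


# Constructed sample template mixing all three kinds of ${...}.
SAMPLE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::${bucket_name}/home/${aws:username}/*",
    "Condition": {"StringEquals": {"aws:RequestedRegion": "${AWS::Region}"}}
  }]
}"""

# Constructed context; in the proposal this comes from a file or CLI parameters.
SAMPLE_CONTEXT = {"bucket_name": "example-bucket", "AWS::Region": "eu-west-1"}

if __name__ == "__main__":
    rendered, missing = render_policy_template(SAMPLE_TEMPLATE, SAMPLE_CONTEXT)
    json.loads(rendered)  # the rendered policy must still be valid JSON
    print(rendered)
    print("unresolved:", missing)
```

A non-empty list of unresolved keys is a reason to stop before the policy is sent for validation, since the raw placeholder would otherwise reach the AWS API.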