I have a project where I needed to build an S3 bucket policy in a CFT, where certain statements should only be in the policy when a user ARN is provided. It’s hard to even Google for this use case, since bucket policies can contain “conditions”, but that’s different from conditionally including or excluding a policy statement.
The linked gists contain one extra feature – if a second user ARN is provided via a parameter, that user is added to one of the policy statements.
I’ve included json and yml versions. The yml is much easier to read, but my use case required json, so I’ve included both: https://gist.github.com/karlkranich/cd27f8bda64aa9e1cdab6cb52eaafcd8
I have a use case, where we have a access point policy with multiple arns, when once workflow runs, it should only pickup the extra arn from the json input and then add the extra arn only in the policy. The whole list should not be in my toml file for deployment.
Im confused and saw this the closest to my use case, hence shared.
Hi Kuntal,
I have been away from AWS for a few years now. But I would suggest that you try to create a condition that is true when the extra ARN is present, or when the workflow is running that needs the extra ARN. Then use that condition to include the extra ARN when necessary.