CloudFormation reference the userId that is running the Template
My use case consists of a user launching a CloudFormation template via Service Catalog to create an EC2 instance. I would like the CFN template to create a tag key called "Owner" and assign the userid of the user who launched the CFN template as the tag value.
I use this "Owner" tag in a custom policy to provide permissions based on this condition:
"Condition": {
    "StringEquals": {
        "aws:ResourceTag/Owner": "${aws:userid}"
    }
}
The policy part works great if I manually add the Owner tag to the resource, EC2 in this case. I'm just not sure how to automatically assign the "Owner" tag value in the CloudFormation template.
In case it matters, the userId I'd like to assign is a federated SSO user.
Many thanks in advance.
There is no pseudo parameter for the launcher of the stack. The only way this can be achieved currently is by utilising a custom resource with Lambda. This blog post shows a Lambda being used for a similar purpose with Service Catalog, where it inputs the userid into DynamoDB; you would need to use the output of the Lambda as the input for your IAM policy.
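An added example of the Lambda-backed custom resource the answer describes; it is not code from the answer or from the blog post it mentions. `fetch_record` is a hypothetical hook that returns the CloudTrail record of the launch call, and the example assumes that record's `userIdentity.principalId` is the same string IAM evaluates as `${aws:userid}`.

```python
import json
import urllib.request

def launcher_userid(record: dict) -> str:
    """Owner tag value for a CloudTrail record (assumed to equal ${aws:userid})."""
    identity = record["userIdentity"]
    principal = identity.get("principalId", "")
    if not principal:
        raise ValueError("record has no principalId")
    # Federated SSO callers are role sessions: "<role-id>:<session-name>".
    if identity.get("type") == "AssumedRole" and ":" not in principal:
        raise ValueError("assumed-role record without a session name")
    return principal

def put_response(url: str, body: dict) -> None:
    """PUT the result to the pre-signed URL CloudFormation supplied."""
    data = json.dumps(body).encode()
    # Empty Content-Type: the pre-signed URL was signed without one.
    req = urllib.request.Request(url, data=data, method="PUT",
                                 headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10)

def handler(event, context, fetch_record=None, send=put_response):
    """Custom resource entry point; the template reads !GetAtt <resource>.UserId."""
    body = {
        "Status": "SUCCESS",
        "PhysicalResourceId": event.get("PhysicalResourceId", "launcher-lookup"),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": {},
    }
    if event["RequestType"] != "Delete":
        try:
            # fetch_record is a hypothetical hook returning the launch call's record.
            body["Data"]["UserId"] = launcher_userid(fetch_record(event))
        except Exception as exc:
            # Fail the stack instead of creating an instance with no owner.
            body.update(Status="FAILED", Reason=f"launcher lookup failed: {exc}")
    send(event["ResponseURL"], body)
    return body

# Constructed sample: a federated SSO session as CloudTrail records it.
SAMPLE_RECORD = {"userIdentity": {"type": "AssumedRole",
                                  "principalId": "AROAEXAMPLEROLEID:alice@example.com"}}
SAMPLE_EVENT = {"RequestType": "Create", "StackId": "stack-placeholder",
                "RequestId": "req-1", "LogicalResourceId": "Launcher",
                "ResponseURL": "https://example.invalid/placeholder"}
```

In the template, the EC2 instance's "Owner" tag value would reference the custom resource's `UserId` attribute, so a failed lookup rolls the stack back rather than leaving an instance that no `aws:ResourceTag/Owner` condition can match.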