By using AWS re:Post, you agree to the Terms of Use
/CloudFormation reference the userId that is running the Template/

CloudFormation reference the userId that is running the Template


My usecase consists of a user launching a cloudformation template via Service Catalog to create an ec2 instance. I would like the CFN template to create a tag key called "Owner" and assign the userid who launched the CFN to the tag value.
I use this "Owner" tag in a custom policy to provide permissions based on this condition: "Condition": { "StringEquals": { "aws:ResourceTag/Owner": "${aws:userid}" } The policy part works great, if I manually add the Owner tag to the resource, ec2 in this case. Just not sure how to automatically assign the "Owner" tag value in the cloudformation template. In case it matters, the userId I'd like to assign is an federated SSO user. Many thanks in advance.

1 Answers

there is no pseudo parameter for the launcher of the stack. The only way this can be achieved currently is utilising a custom resource with lambda. This blog post shows a lambda being used for a similar purpose with service catalog where is inputs the userid into dynamo, you would need to use the output of the lambda into the input for your iam policy

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions