'CloudFormation Cyclic dependency

I am creating a KMS key using a CloudFormation template which is then used to create an IAM role in another template since it references the KMS key. The stack that creates the KMS key needs to be updated to add the IAM role to the KMS key policy. The KMS policy cannot be set on creation since the IAM role doesnt exist. Is there a way to reference an existing resource in CF templates without manually updating the stack?



Solution 1:[1]

You can make use of Fn:ImportValue to get required data from another cloud formation template.

Your template A will create KMS key and outputs the ARN of the KMS Key.

Your template B, which creates IAM Role, will take the KMS Key as input using the Fn::ImportValue.

Hope this helps.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Pablissimo

Related Questions

Why my cloudformation template is over 1 MB?

How to install external modules in a Python Lambda Function created by AWS CDK?

AWS SAM - How can create an API event for a FunctionAlias?

AWS/Cloudformation: How to export/import parameter value to another stack (YAML)

Passing parameters of type List<AWS::EC2::Subnet::Id> to nested CloudFormation template

How to enable Cloudwatch logging for AWS API GW via Cloudformation template

What is the difference between Elastic Beanstalk and CloudFormation for a .NET project?

User is not authorized to perform: SNS:CreateTopic on resource

How to set environment variables according to stage in cloud formation template

Is it possible to statically specify AWS::StackName inside a cloudformation template?

Unable to fetch paramters (Param Value) from parameter store for this account

Logging for public hosted zone Route53

Creating a VPC Interface Endpoint for SQS in Cloud Formation

Why won't my content security policy deploy to CloudFront?

Serverless-framework, when does the API Gateway URL change?