In my AWS account, I am building a new Cloudformation template that creates new policies, and I want to attach those to a few existing roles in the account. Here is how I have been trying to reference them:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Names of existing roles to which the restrictive policies need added",
"Parameters": {
"AdditionalExecutionRoleParameter": {
"Type": "AWS::IAM::Role",
"Default": "CloudOps"
}
},
"Resources": { (and so on)
Then down in the section below the new policies, I have been trying to reference these existing roles ("AdditionalExecutionRoleParameter" in this case) and attach the policies to them using the Roles parameter. However, I keep getting a "failed to retrieve external values" error when trying to deploy the CloudFormation template... I've tried inputting "CloudOps", which is the role name, as the parameter "Default", and I've also tried inputting the role ARN there... nothing is working.
Well... what I ended up doing is something as simple as this, which works fine...
"Parameters": {
"RoleNameRoleParameter": {
"Type": "String",
"Default": "RoleNameRole"