I’m getting the error "Template error: Fn::Equals cannot be partially collapsed". I’ve searched for others with similar issues and haven’t been able to find anything. The Fn::Equals is part of a condition of attaching an SNS Topic Policy to an S3 bucket; the code is here:
```yaml
S3BucketFailedEmails:
  Type: 'AWS::S3::Bucket'
  Properties:
    BucketName: ${self:provider.environment.AWS_INVALIDBUCKET_NAME}
    AccessControl: Private
    NotificationConfiguration:
      TopicConfigurations:
        - Topic: <topic arn>
          Event: s3:ObjectCreated:Put
  DependsOn: SNSTopicPolicy
SNSTopicPolicy:
  Type: "AWS::SNS::TopicPolicy"
  Properties:
    PolicyDocument:
      Id: "MyTopicPolicy"
      Version: "2012-10-17"
      Statement:
        Sid: "Statement-id"
        Effect: "Allow"
        Principal:
          AWS: "*"
        Action: "sns:Publish"
        Resource: <Resource arn>
        Condition:
          Fn::Equals:
            - ${opt:stage}
            - "prod"
    Topics:
      - <topic arn>
```
If anyone has any ideas of how to solve this or has an alternate way to attach a policy if deploying on prod let me know.
Thanks
@WanderingBrooks I’m a novice when it comes to conditions, but I think you need to define the conditions in a separate Conditions block, then you can refer to a particular condition within different resources.
Adopting your example, it’d be something like this:
```yaml
# serverless.yml
resources:
  Conditions:  # <-- Define conditions here
    CreateProdResources:
      Fn::Equals:
        - ${opt:stage}
        - "prod"
  Resources:
    SNSTopicPolicy:
      Type: "AWS::SNS::TopicPolicy"
      Condition: "CreateProdResources"  # <-- Use conditions here
      Properties:
        PolicyDocument:
          Id: "MyTopicPolicy"
          Version: "2012-10-17"
          Statement:
            Sid: "Statement-id"
            Effect: "Allow"
            Principal:
              AWS: "*"
            Action: "sns:Publish"
            Resource: <Resource arn>
        Topics:
          - <topic arn>
```
Please let me know if that works. The documentation I used is here.
That doesn’t work, unfortunately; the problem is in the Fn::Equals itself. If I use this as the condition instead
```yaml
Condition:
  ArnLike:
    aws:SourceArn: <my bucket arn>
```
it will deploy. There must be something odd with Fn::Equals or the way I was formatting it.
Ahh yep, I misread that it was an IAM condition. So there are two different concepts here:
- A CloudFormation Condition allows you to optionally create a resource within CloudFormation if certain conditions are met;
- An IAM Condition limits the granted access to resources which meet the given conditions.
The Fn::Equals is for the former, while ArnLike is for the latter. Docs on IAM Conditions are here.
I figured out what the problem was: I was assuming that it was the same as a condition for IAM. However, this condition is for checking the arn or things like that. I found that here. I found a way around it; thanks for your help.
I ran into the same error, because I inappropriately placed the Condition element at the wrong level (inside the Properties tag, but it should be at the top tag of the Resource).
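
The two kinds of condition discussed in this thread, placed at their correct levels in one `serverless.yml` fragment. This is an added example, not code from any of the posters; the condition name `IsProd` and the quoted `<...>` ARN placeholders are assumptions.

```yaml
# serverless.yml (added example; IsProd and the <...> placeholders are assumed)
resources:
  # CloudFormation conditions: evaluated at deploy time, they decide
  # whether a resource is created at all. Fn::Equals belongs here.
  Conditions:
    IsProd:
      Fn::Equals:
        - ${opt:stage}
        - "prod"

  Resources:
    SNSTopicPolicy:
      Type: "AWS::SNS::TopicPolicy"
      # Resource-level attribute: a sibling of Type and Properties.
      # Nesting it under Properties is the mistake described in the last post.
      Condition: IsProd
      Properties:
        Topics:
          - "<topic arn>"
        PolicyDocument:
          Id: "MyTopicPolicy"
          Version: "2012-10-17"
          Statement:
            - Sid: "Statement-id"
              Effect: "Allow"
              Principal:
                AWS: "*"
              Action: "sns:Publish"
              Resource: "<topic arn>"
              # IAM condition: evaluated on every publish request, using IAM
              # operators such as ArnLike, not condition functions like
              # Fn::Equals. With Principal "*", this block is what limits
              # publishing to requests made on behalf of the named bucket.
              Condition:
                ArnLike:
                  aws:SourceArn: "<bucket arn>"
```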