Stephane Stephane - 2 months ago 25
YAML Question

CloudFormation: How to use AWS::AccountId in Mappings?

I have a mapping that looks like this:

Mappings:
AccountToParams:
aws-1234567890:
sshSecurityGroup: sg-abcedf12


And I'd like to retrieve my variables by AccountId, but this doesn't get past the "validation" step

SecurityGroups:
- !FindInMap [AccountToParams, !Sub "aws-${AWS::AccountId}", sshSecurityGroup]


Error is

16/08/2017, 16:36:18 - Template contains errors.: Template error:
every Fn::FindInMap object requires three parameters,
the map name, map key and the attribute for return value


The goal is to have some configuration driven by the account (hence environment) this is run under. And I can't seem to use the accountId as the key in the mapping, otherwise AWS isn't happy because it doesn't contain alphanumeric chars

Raf Raf
Answer Source

Change the map to:

Mappings:
  AccountToParams:
    "1234567890":
      sshSecurityGroup: sg-abcedf12

and use !Ref instead of !Sub:

SecurityGroupIds:
    - !FindInMap [AccountToParams, !Ref "AWS::AccountId", sshSecurityGroup]

Use FN::Join to prepend "aws" string to account ID if that's required further down the stack.