Insert a CloudFormation ImportValue similar to how you can insert a Parameter?

Question

We have a huge VPC CF Template that we use to define our development, staging, and production environments. One of these resources is a Common S3 bucket for use with tasks not directly related to a specific customer. This bucket has an Export named VPCCommonBucket which contains just the bucket name.

I am trying to use this Export value in another stack, referencing that bucket, creating an IAM user that has access to ONLY that bucket, further restricting it to a single directory IN that bucket.

When using a Parameter, I can do something like this:

!Sub "arn:aws:s3:::${BucketName}/prefix/*"

But I cannot find something similar with regard to using Fn::ImportValue/!ImportValue. Is there a way to insert an exported variable into a string as I'm trying to do here? Or is this a matter of needing to go back and alter our main Template to include ANOTHER Export for the Bucket's arn?

Answer 1

You are able to use Fn::ImportValue in conjunction with !Sub in cloudformation templates. However, the intrinsic function reference types and order are important here. As per the AWS Documentation:

You can't use the short form of !ImportValue when it contains a !Sub. Instead, you must use the full function name.

Therefore, structure your template like,

Properties:
    Bucket:
        Fn::Sub:
        - 'arn:aws:s3:::${BucketName}/prefix/*'
        - BucketName: !ImportValue VPCCommonBucket

Also, as your probably aware, to use the import function you must have declared the resource an output in a separate cloudformation template. Here's an AWS provided walk-through if you get stuck.