Как я могу вывести роль IAM и использовать ее в другом стеке?

Question

У меня есть два стека, которые называются "createIAMRole" , "createElasticSearch" и "createLambda" . Я хочу использовать IAM Role ARN из первого стека с именем "createIAMRole" в обоих "createElasticSearch" и "createLambda" .

createIAMRole

AWSTemplateFormatVersion: '2010-09-09'
Description: >
  blah.

Resources:
  myIAMRole:
    Type: AWS::IAM::Role
    Properties:
      ..
      ..
      Policies:
        - PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - dynamodb:*
                Resource: "*"
          PolicyName: "myIAMRolePolicy"

Outputs:
  myIAMRole:
    Description: myIAMRole to use Stacks
    Value: !Ref myIAMRole

"createElasticSearch"

Resources:
  ElasticsearchDomain:
    Type: AWS::Elasticsearch::Domain
    Properties:
      ..
      ..
      AccessPolicies:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              AWS: 
                - >>> THERE IS I WANT TO ADD <<<
            Action: "es:*"
            Resource: "*"
      AdvancedOptions:
        rest.action.multi.allow_explicit_index: "true"

Пожалуйста, дайте мне знать, как это сделать, спасибо.

Answer 1

For the createIAMRole you need to export the output: 
Outputs:   myIAMRole:
    Description: myIAMRole to use Stacks
    Value: !Ref myIAMRole
    Export:
      Name: myIAMRole

And for the createElasticSearch you need to "ImportValue": 
Fn::ImportValue:
   !Sub "${myIAMStackName}-myIAMRole"

More Information: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html