Fn::ForEach enhancement to create list parameters

[kothapet]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

What do you want us to build?

I want the ability to create list parameters with Fn::ForEach language extension. So instead of outputkey:outputValue, ability to specify just the value and that should result in an list of values.
And value could be a object.

syntax may be similar to something like

'Fn::ForEach::UniqueLoopName':
    - Identifier
    - - Value1 # Collection
      - Value2
    - OutputValue

See example

Tell us about the problem you are trying to solve. What are you trying to do, and why is it hard?

What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now?
What is the impact of not having this problem solved? The more details you can provide, the better we will be able to understand and solve the problem.

Are you currently working around this issue?

How are you currently solving this problem?

No easy solution but to hardcode pass separate parameters.

What is the expected behavior with this new feature

Please include some code examples showing how this feature can be used.

E.g. I want to create a security group with dynamic list of ingress or egress rules.
CF should something like this

Parameters:
#
  CidrBlockList:
    Type: CommaDelimitedList
    Default: "10.0.0.0/24,10.0.10.0/24,10.0.20.0/24"
#
Resources:
#        
  TestSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties: 
      GroupName: some-group
      GroupDescription:  This is a test security group 
      VpcId: vpc-xxxxxx
      SecurityGroupIngress:
        'Fn::ForEach::IngressRule':
          - 'CidrBlock'
          - !Ref CidrBlockList
          - Description: !Sub "Allow TLS 1234 MSK IAM connections from ${CidrBlock}"
            IpProtocol: tcp
            FromPort: 1234
            ToPort: 1234
            CidrIp: !Sub "${CidrBlock}"

And it should produce

Resources:
#        
  TestSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties: 
      GroupName: some-group
      GroupDescription:  This is a test security group 
      VpcId: vpc-xxxxxx
      SecurityGroupIngress:
        - Description: !Sub "Allow TLS 1234 MSK IAM connections from 10.0.0.0/24"
          IpProtocol: tcp
          FromPort: 1234
          ToPort: 1234
          CidrIp: 10.0.0.0/24
        - Description: !Sub "Allow TLS 1234 MSK IAM connections from 10.0.10.0/24"
          IpProtocol: tcp
          FromPort: 1234
          ToPort: 1234
          CidrIp: 10.0.10.0/24
        - Description: !Sub "Allow TLS 1234 MSK IAM connections from 10.0.20.0/24"
          IpProtocol: tcp
          FromPort: 1234
          ToPort: 1234
          CidrIp: 10.0.20.0/24

Additional context

Anything else we should know?

Attachments

If you think you might have additional information that you would like to include via an attachment,
please do - we will take a look. (Remember to remove any personally-identifiable information.)