Parameters:
  SomeParameter:
    Type: String
Conditions:
  SomeCondition: !Equals [!Ref SomeParameter, true]
Resources:
  MyQueue:
    Type: AWS::SQS::Queue
  MyManagedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument: {}
  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      Runtime: python3.8
      Handler: foo
      InlineCode: bar
      Policies:
      # Valid AWS managed policy name (converted to ARN)
      - AmazonS3FullAccess
      - AmazonAPIGatewayPushToCloudWatchLogs
      # Unknown managed policy name (pass-through)
      - AnyNonOfficialManagedPolicy
      # ARN (pass-through)
      - arn:aws:iam::aws:policy/ThisIsPassedThroughAsIs
      - arn:aws-cn:iam::aws:policy/ThisIsAlsoPassedThrough
      - arn:looks:like::an/arn-also-passed-through
      # Intrinsic (pass-through)
      - !Sub "${MyQueue}WhateverPassThrough"
      - !If [SomeCondition, !Ref MyManagedPolicy, !Ref MyManagedPolicy]
      # Policy template (added to Policies property of Role)
      - SQSPollerPolicy:
          QueueName: !Ref MyQueue
      # Dynamic references (pass-through)
      # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
      - '{{resolve:ssm:passedthrough:2}}'
      # Inline statement (added to Policies property of Role)
      - {Statement: {Effect: Allow, Action: '*', Resource: '*'}}

  MyStateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      DefinitionUri: s3://foo/bar
      Policies:
      # Valid AWS managed policy name (converted to ARN)
      - AmazonS3FullAccess
      - AmazonAPIGatewayPushToCloudWatchLogs
      # Unknown managed policy name (pass-through)
      - AnyNonOfficialManagedPolicy
      # ARN (pass-through)
      - arn:aws:iam::aws:policy/ThisIsPassedThroughAsIs
      - arn:aws-cn:iam::aws:policy/ThisIsAlsoPassedThrough
      - arn:looks:like::an/arn-also-passed-through
      # Intrinsic (pass-through)
      - !Sub "${MyQueue}WhateverPassThrough"
      - !If [SomeCondition, !Ref MyManagedPolicy, !Ref MyManagedPolicy]
      # Policy template (added to Policies property of Role)
      - SQSPollerPolicy:
          QueueName: !Ref MyQueue
      # Dynamic references (pass-through)
      # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
      - '{{resolve:ssm:passedthrough:2}}'
      # Inline statement (added to Policies property of Role)
      - {Statement: {Effect: Allow, Action: '*', Resource: '*'}}