Open
Description
Is your feature request related to a problem? Please describe.
Validating policies like:

```yaml
- Effect: Deny
  Principal:
    AWS: "*"
  Action:
    - "s3:*"
  Resource:
    - Fn::Sub: "arn:${AWS::Partition}:s3:::local-${AWS::AccountId}-logs-${AWS::Region}/*"
```
Validation output:

```
"Clause": {
  "Binary": {
    "context": " Resource[*] EQUALS \"*\"",
    "messages": {
      "custom_message": "",
      "error_message": "Check was not compliant as property value [Path=/Resources/rLocalLogAggregregationBucketPolicy/Properties/PolicyDocument/Statement/0/Resource/0[L:337,C:16] Value={\"Fn::Sub\":\"arn:${AWS::Partition}:s3:::local-${AWS::AccountId}-logs-${AWS::Region}/*\"}] not equal to value [Path=[L:0,C:0] Value=\"*\"]. Error = [PathAwareValues are not comparable map, String]"
    },
    "check": {
      "Resolved": {
        "from": {
          "path": "/Resources/rLocalLogAggregregationBucketPolicy/Properties/PolicyDocument/Statement/0/Resource/0",
          "value": {
            "Fn::Sub": "arn:${AWS::Partition}:s3:::local-${AWS::AccountId}-logs-${AWS::Region}/*"
          }
        },
```
Describe the solution you'd like
Support for CloudFormation pseudo parameters like `${AWS::Partition}` to validate CloudFormation templates using cfn-guard.
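
The error above comes from comparing a `Fn::Sub` map with the string `"*"`. As an added example (not part of the issue and not cfn-guard code), the sketch below pre-resolves `Fn::Sub` maps to plain strings in a parsed template so that a wildcard check compares like with like. The function names and the pseudo parameter values in `PSEUDO` are assumptions made for illustration.

```python
import re

# Constructed sample values; substitute those of the target account.
PSEUDO = {"AWS::Partition": "aws", "AWS::AccountId": "111122223333",
          "AWS::Region": "us-east-1"}
_VAR = re.compile(r"\$\{(!?)([^}]+)\}")

def _sub(text, values):
    """Substitute ${Name}; return None if any variable is unknown."""
    unknown = []
    def repl(m):
        if m.group(1):                     # ${!Name} is the literal ${Name}
            return "${" + m.group(2) + "}"
        if m.group(2) not in values:
            unknown.append(m.group(2))
            return m.group(0)
        return values[m.group(2)]
    out = _VAR.sub(repl, text)
    return None if unknown else out

def resolve_subs(node, pseudo=PSEUDO):
    """Replace every fully resolvable {"Fn::Sub": ...} map with a string."""
    if isinstance(node, list):
        return [resolve_subs(n, pseudo) for n in node]
    if not isinstance(node, dict):
        return node
    if set(node) == {"Fn::Sub"}:
        arg = node["Fn::Sub"]
        text, extra = (arg, {}) if isinstance(arg, str) else arg
        # Only literal strings in the variable map can be used offline.
        lits = {k: v for k, v in extra.items() if isinstance(v, str)}
        resolved = _sub(text, {**pseudo, **lits})
        return node if resolved is None else resolved
    return {k: resolve_subs(v, pseudo) for k, v in node.items()}

def wildcard_resources(template):
    """Logical IDs whose policy has a statement with Resource "*"."""
    def hit(res):
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        return any("*" in (r if isinstance(r, list) else [r])
                   for r in (s.get("Resource", []) for s in doc.get("Statement", [])))
    return [n for n, res in resolve_subs(template).get("Resources", {}).items() if hit(res)]

# Constructed template: the statement from the issue plus a wildcard one.
SAMPLE = {"Resources": {
    "rLogs": {"Properties": {"PolicyDocument": {"Statement": [{"Effect": "Deny", "Resource": [
        {"Fn::Sub": "arn:${AWS::Partition}:s3:::local-${AWS::AccountId}-logs-${AWS::Region}/*"}]}]}}},
    "rOpen": {"Properties": {"PolicyDocument": {"Statement": [{"Effect": "Allow", "Resource": "*"}]}}}}}
```

A `Fn::Sub` that references template parameters or resources cannot be resolved offline and is left as a map, so a rule still has to account for non-string values.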