区分Shell变量和Cloudformation模板参数

我遇到了一个用例，我看到Shell Variables和Cloudformation Parameters之间存在冲突。

的例子:

我在写AWS::ImageBuilder::Component

Parameters:
cloudVersion:
Type: String
Default: "1.10.11"
Description: Cloud Version to release
Resources:
CloudInstallComponent:
Type: AWS::ImageBuilder::Component
Properties:
Name: CloudAMI
Version: !Ref cloudVersion
Description: Install the latest cloud.
ChangeDescription: Cloud First version
Platform: Linux
Data: !Sub |
name: DeployCloudComponents
description: This is to deploy cloud components.
schemaVersion: 1.0
phases:
- name: build
steps:
- name: CreateUser
action: ExecuteBash
inputs:
commands:
- "Creating New User cloud"
- export GroupID=7560
- export UserID=7560
- export USER=cloud
- sudo groupadd --gid ${GroupID} ${USER}
- sudo useradd --uid ${UserID} --gid ${GroupID} --create-home --shell /bin/bash ${USER}
- sudo usermod -G wheel ${USER}
- |-
echo "${USER}    ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers
- sudo wget -O a.tgz 'abc.net/mg/api/v1/help/${cloudVersion}/on/download/a.tgz'

现在，上面的代码片段GroupID,UserID和USER是shell变量，cloudVersion是cloudformation参数。

问题是如何区分它们?

我在cfn-linter中看到如下错误

Error   Cfn-Lint    Parameter GroupID for Fn::Sub not found at Resources/CloudInstallComponent/Properties/Data/Fn::Sub  160:7
Error   Cfn-Lint    Parameter USER for Fn::Sub not found at Resources/K2CloudInstallComponent/Properties/Data/Fn::Sub   160:7
Error   Cfn-Lint    Parameter UserID for Fn::Sub not found at Resources/K2CloudInstallComponent/Properties/Data/Fn::Sub 160:7

我可以用三个shell变量作为cloudformation参数来解决歧义。

但如果有人能提出一种现有的方法来区分这两种变量，那就太好了。

提前感谢。