Serverless deploy resource does not support attribute type Arn in Fn::GetAtt

Question

Error: The CloudFormation template is invalid: Template error: resource <Policy in serverless.yml> does not support attribute type Arn in Fn::GetAtt

When deploying my project, i get the above error. It seems the Fn:GetAttr happens when converting to CloudFormation as i haven't explicitly defined any usage of that function

functions:
  myfn:
    handler: lambda/handler.my
    role: DataIamPolicy
    environment:
      DynamoTableName: "my-data"

I've previously defined my table as MyData. My policy resource looks like:

DataIamPolicy: 
  Type: AWS::IAM::Policy
  DependsOn: MyData
  Properties:
    PolicyName: "my-data-dynamodb-policy"
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: "Allow"
          Action:
            - "dynamodb:DescribeTable"
            - "dynamodb:GetItem"
          Resource:
            Fn::Join:
              - ""
              - - "arn:aws:dynamodb:::"
                - "Ref" : "MyData"

I thought it may be the resources in the policy but changing that around doesn't seem to help.

Answer 1

So the issue is to do with defining a specific role to your function. by default serverless applies the roles and policies to all functions.

I applied the:

role: DataIamPolicy

Which doesnt work, as in the background it fetches the arn for a policy instead of the role which we hadn't created yet.

You need to set a role with a custom policy for this method to work. ie:

role: DataIamRole