I am trying to create an AWS SAM template.yaml to create a lambda accessing a DynamoDB table resource and define the IAM permissions of this lambda.
I want the table name to be in an environment variable and I want it to be different depending on the development state (dev-prod etc).
However, I cannot find a way to define the permission ARN. I have the following template:
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Lambda to API-Gateway endpoints mapper for Pantrimony
Parameters:
  stage:
    Type: String
    Default: dev
  region:
    Type: String
    Default: eu-central-1
Globals:
  Function:
    Environment:
      Variables:
        VICTUALS_TABLE: !Sub "Victuals-${stage}"
Resources:
  GetVictuals:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: Pantrymony.back::Pantrymony.back.Lambda.ApiFunctions::GetVictuals
      Runtime: dotnet6
      Description: Lambda handler for API Gateway
      MemorySize: 512
      Timeout: 60
      Events:
        GetVictualsApi:
          Type: Api
          Properties:
            Path: /victuals
            Method: get
      Policies:
        - Statement:
            - Sid: DescribeTablesPolicy
              Effect: Allow
              Action:
                - dynamodb:DescribeTable
              Resource: !Sub 'arn:aws:dynamodb:eu-central-1:926574008145:table/${self:Globals.Function.Environment.Variables.VICTUALS_TABLE}'
How can I reference a Globals variable in the rest of the template YAML? As you can see, I tried the ${self:...} term, which is working for templates in the Serverless Framework (for variables defined in provider.environment...), but in AWS-SAM it doesn't seem to work. Is there another way to define some global variable which will be accessible throughout the template?
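
An added example, not part of the original question: `!Sub` resolves only template parameters, resources and pseudo parameters, so one way to scope the policy is to rebuild the table name from the same `stage` parameter in both places. It assumes the table lives in the stack's own account and region (so the `region` parameter is dropped); the `CodeUri` path and the `AllowedPattern` are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  stage:
    Type: String
    Default: dev
    # Assumed constraint: stage is interpolated into an IAM resource ARN,
    # so reject values such as "*" that would widen the policy.
    AllowedPattern: '^[a-z0-9]+$'
Globals:
  Function:
    Environment:
      Variables:
        # Same expression as in the policy below; the two must stay in sync.
        VICTUALS_TABLE: !Sub "Victuals-${stage}"
Resources:
  GetVictuals:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./src   # assumed path, not given in the question
      Handler: Pantrymony.back::Pantrymony.back.Lambda.ApiFunctions::GetVictuals
      Runtime: dotnet6
      MemorySize: 512
      Timeout: 60
      Events:
        GetVictualsApi:
          Type: Api
          Properties:
            Path: /victuals
            Method: get
      Policies:
        - Statement:
            - Sid: DescribeTablesPolicy
              Effect: Allow
              Action:
                - dynamodb:DescribeTable
              # ${self:...} is Serverless Framework syntax and is not resolved here.
              # Pseudo parameters supply partition, region and account ID, so
              # nothing account-specific is hardcoded and the grant covers one table.
              Resource: !Sub 'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/Victuals-${stage}'
```

If the table is declared as a resource in the same template, `!GetAtt` on its logical ID with the `Arn` attribute gives the ARN directly and removes the duplicated name expression.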