DynamoDB Trigger

While creating a DynamoDB stream via Serverless, we are getting the error below:
Serverless Error ---------------------------------------
An error occurred: IamRoleLambdaExecution - The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 2ef8eff1-5a80-11e8-a9a4-65fc1d91e8d7).

And our serverless.yml file looks like this:

service: dynamodb-trigger-service
provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: us-east-1
  environment:
    PARENT_DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}_parent
    CHILD_DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}_child
     
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:DescribeStream
        - dynamodb:GetRecords
        - dynamodb:GetShardIterator
        - dynamodb:ListStreams
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:#{AWS.AccountId}:table/${self:provider.environment.PARENT_DYNAMODB_TABLE}/stream/*"
          
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:${opt:region, self:provider.region}:#{AWS.AccountId}:table/${self:provider.environment.CHILD_DYNAMODB_TABLE}"
package:
  exclude:
    - node_modules/@types/**
    - node_modules/@serverless/**
    - '@types/**'
  include:
    - src/**
    - '!src/**/*.spec.ts'
plugins:
  - serverless-plugin-typescript
  - serverless-offline
functions:
  events_trigger:
    handler: src/events/index.trigger
    events:
      - stream: arn:aws:dynamodb:${opt:region, self:provider.region}:#{AWS.AccountId}:table/${self:provider.environment.PARENT_DYNAMODB_TABLE}/stream/*
resources:
  Resources:
    parentTable:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Delete
      Properties:
        AttributeDefinitions:
          - 
            AttributeName: identifier
            AttributeType: S
        KeySchema:
          - 
            AttributeName: identifier
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5
        StreamSpecification:
          StreamViewType: NEW_AND_OLD_IMAGES  
        TableName: ${self:provider.environment.PARENT_DYNAMODB_TABLE}
    childTable:
      Type: 'AWS::DynamoDB::Table'
      DeletionPolicy: Delete
      Properties:
        AttributeDefinitions:
          - 
            AttributeName: identifier
            AttributeType: S
        KeySchema:
          - 
            AttributeName: identifier
            KeyType: HASH
        ProvisionedThroughput:
          ReadCapacityUnits: 5
          WriteCapacityUnits: 5
        TableName: ${self:provider.environment.CHILD_DYNAMODB_TABLE}  

Any help is appreciated.


Ran into this myself and found this GitHub issue to be of some help.

TLDR:

Trying to reference ${AWS::Region} and ${AWS::AccountId} resulted in a legacy parsing error during CloudFormation load. The workaround was using !Join and !Ref.

I suspect you’ve copied #{AWS.AccountId} from somewhere that was using the serverless-pseudo-parameters plugin. Try adding that plugin.
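The !Join / !Ref workaround mentioned above, written out against the config from the question as an added example (not code from any of the posters). It assumes the resource names `parentTable` and `childTable` from the question and shows only the parts of serverless.yml that change; putting the stream-read actions and the item-level actions in separate statements is a least-privilege choice made here, not something the thread prescribes.

```yaml
# Added example: replaces the #{AWS.AccountId} strings with CloudFormation
# intrinsic functions, so no pseudo-parameters plugin is needed.
provider:
  name: aws
  iamRoleStatements:
    # Stream-read actions, scoped to the parent table's stream only.
    # Fn::GetAtt resolves to the full stream ARN at deploy time.
    - Effect: Allow
      Action:
        - dynamodb:DescribeStream
        - dynamodb:GetRecords
        - dynamodb:GetShardIterator
        - dynamodb:ListStreams
      Resource:
        Fn::GetAtt: [parentTable, StreamArn]

    # Item-level actions, scoped to the child table only.
    # Region and account id come from Ref, joined into a valid ARN.
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource:
        Fn::Join:
          - ""
          - - "arn:aws:dynamodb:"
            - Ref: AWS::Region
            - ":"
            - Ref: AWS::AccountId
            - ":table/${self:provider.environment.CHILD_DYNAMODB_TABLE}"

functions:
  events_trigger:
    handler: src/events/index.trigger
    events:
      # Object form of the stream event, pointing at the table defined
      # under resources instead of a hand-built ARN with a wildcard.
      - stream:
          type: dynamodb
          arn:
            Fn::GetAtt: [parentTable, StreamArn]
```

Running `serverless package` and inspecting the generated CloudFormation template under `.serverless/` shows the exact `Resource` values the IAM policy will receive before anything is deployed.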

[rasool] Did you have any luck making your serverless.yml work? I am trying to look for exactly the same process to use a DynamoDB stream and I am not finding any support.

Regards.