Hey all,
I searched all over but couldn’t find the answer to the following problem: I am creating a role in resources whose ARN I need to address in a function.
Using !Ref roleForSomething doesn’t work, as it references the name, not the ARN, which AWS doesn’t like. I have a solution that’s working for AWS but unfortunately Serverless can’t make sense of it (business case is using async Textract when a file is uploaded in S3 and then doing something when Textract is finished, which we know by subscribing to a SNS topic that Textract has to publish to:
functions:
ocr:
handler: handler.ocr
events:
- s3:
bucket: ${self:custom.bucket}
event: s3:ObjectCreated:*
existing: true
environment:
SNS_TOPIC: !Ref textractTopic
SNS_ROLE:
'Fn::GetAtt': ['iamRole', 'Arn']
handler.doSomething:
handler: handler.doSomething
events:
- sns:
arn: !Ref textractTopic
topicName: ${self:custom.sns-topic}
resources:
Resources:
textractTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: ${self:custom.sns-topic}
iamRole:
Type: AWS::IAM::Role
Properties:
RoleName: ${self:custom.role-name}
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- textract.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: textratct-sns-publishing
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- sns:*
Resource:
- !Ref textractTopic
How du I replace this:
environment:
SNS_ROLE:
'Fn::GetAtt': ['iamRole', 'Arn']
with something that works for Serverless?
Thank you!
Michael