i am quite new to adopting the serverless framework, so i do apologize if this is a simple misconfiguration, however i am unable to get to the bottom of this issue.
i create a stack using the serverless.yml and include a resources.yml file which includes cognitouser pool, dynamodb and so on. when i deploy this stack, it all ends up in the correct region in eu-west-2 which is specifeid in the provider section in yml.
this is my problem:
notesTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: notes-${self:provider.stage}
BillingMode: PAY_PER_REQUEST
AttributeDefinitions:
- AttributeName: notesId
AttributeType: S
KeySchema:
- AttributeName: notesId
KeyType: HASH
createNote:
handler: handler.createNote
environment:
NOTES_TABLE_NAME: !Ref notesTable
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:PutItem
Resource: !GetAtt notesTable.Arn
when i then go to call this api endpoint i get the error : User arn:aws:sts:accountno:assumed-role/lambdarole/createNote is not authorised to perform put item on resourse :
arn:aws:dynamodb:us-east-1:… and so on
so as you can see the arn its looking at is the wrong region, but everything else is correct in eu-west-2, so i dont understand how this is wrong but everything else is ok?
even when i go looking at the dynamodb arn it is correct and the policy is eu-west-2, im not sure if this role even exists, so im starting to think maybe the serverless defaults this to us-east-1 and i need to override this somehow?
thanks in advance!!