When writing cloudformation templates, many resources provide ARNS, but referencing dynamodb isn’t that simple. Therefore, this post explains one solution which I’ve found works well – possibly not the biggest or most important news, but I think worthwhile to show a method to retrieve the ARN.

Identifying AWS Resources

Within AWS, resources such as dynamodb tables, S3 buckets etc. are identified with Amazon Resource Names or ARNs. These uniquely identify the resources using a fixed syntax as defined below:

arn:aws:[service]:[region]:[account-id]:[resource-id]

So an ARN for an ec2 instance might look like arn:aws:ec2:eu-west-1:123456789012:instance/i-5434b4c3, whilst a mysql database in rds might be identified as arn:aws:ec2:eu-central-1:1234567689012:db/mysql-db.

References in Cloudformation templates

For many resources we create with cloudformation, we can automatically access an ARN using the Fn::GetAtt function – for example, if we create a role dbeditor, we could retrieve the ARN with Fn::GetAtt[dbeditor, arn]. An example referring to the ARN of an queue can be seen in my post about creating templates with YAML.

Referencing DynamoDB ARNs

Unfortunately, not all resource types have ARNs accessible with Fn::GetAtt, and one of those is dynamodb tables.

Fortunately, since we can easily find the format of these ARNs (described here), we can build the value by using the Fn::Join function which lets us join strings together with specified separators to create a string from the following values

• ‘arn:aws:dynamodb‘ – the fixed namespace for dynamodb resources,
• Ref: AWS::Region – a pseudo value which provides the region where the template is being created,
• Ref: AWS::AccountId – another pseudo value, giving our AWS account id,
• ‘table/‘ + the name of our dynamodb table

Therefore to provide a reference to a dynamodb table in a cloudformation template we could write something like:

Note: the !Join at the end of that snippet is just a short form of the Fn::Join function which I’m using for clarity.