Resources:
  MyRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Action: sts:AssumeRole
          Principal:
            Service: lambda.amazonaws.com
      ManagedPolicyArns:
      - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  TriggerFunction:
    Type: AWS::Lambda::Function
    Properties:
      Role: !GetAtt MyRole.Arn
      Runtime: nodejs14.x
      Handler: index.handler
      Code:
        ZipFile: |
          const AWS = require('aws-sdk');
          exports.handler = async (event) => {
            console.log(JSON.stringify(event));
            const docClient = new AWS.DynamoDB.DocumentClient();
            try {
              const response = await docClient.scan({ TableName: process.env.TABLE_NAME, }).promise();
              return response
            }
            catch (err) {
              throw new Error('Failed to scan DynamoDb Table')
            }
          };
      Environment:
        Variables:
          TABLE_NAME: !Ref MyTable

  MyTable:
    Type: AWS::DynamoDB::Table
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
      - AttributeName: Id
        AttributeType: S
      KeySchema:
      - AttributeName: Id
        KeyType: HASH

  MyReadConnector:
    Type: AWS::Serverless::Connector
    Properties:
      Source:
        Id: TriggerFunction
      Destination:
        Id: MyTable
      Permissions:
      - Read
Metadata:
  SamTransformTest: true