Resources: MyRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Action: sts:AssumeRole Principal: Service: lambda.amazonaws.com ManagedPolicyArns: - arn:{AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole MyFunction: Type: AWS::Lambda::Function Properties: Role: !GetAtt MyRole.Arn Runtime: nodejs14.x Handler: index.handler Code: ZipFile: | const AWS = require('aws-sdk'); exports.handler = async (event) => { console.log(JSON.stringify(event)); const docClient = new AWS.DynamoDB.DocumentClient(); await docClient.scan({ TableName: process.env.TABLE_NAME, }).promise(); }; Environment: Variables: TABLE_NAME: !Ref MyTable MyServerlessFunction: Type: AWS::Serverless::Function Properties: Runtime: nodejs14.x Handler: index.handler InlineCode: | const AWS = require('aws-sdk'); exports.handler = async (event) => { console.log(JSON.stringify(event)); const docClient = new AWS.DynamoDB.DocumentClient(); await docClient.scan({ TableName: process.env.TABLE_NAME, }).promise(); }; Environment: Variables: TABLE_NAME: !Ref MyTable MyTable: Type: AWS::DynamoDB::Table Properties: BillingMode: PAY_PER_REQUEST AttributeDefinitions: - AttributeName: Id AttributeType: S KeySchema: - AttributeName: Id KeyType: HASH MyConnector: Type: AWS::Serverless::Connector Properties: Source: Id: MyFunction Destination: Id: MyTable Permissions: - Read - Read MyConnectorWithTableArn: Type: AWS::Serverless::Connector Properties: Source: Id: MyServerlessFunction Destination: Type: AWS::DynamoDB::Table Arn: !GetAtt MyTable.Arn Permissions: - Read MyConnectorWith2ACs: Type: AWS::Serverless::Connector Properties: Source: Id: MyFunction Destination: Type: AWS::DynamoDB::Table Arn: !GetAtt MyTable.Arn Permissions: - Read - Write MyConnectorWithRoleName: Type: AWS::Serverless::Connector Properties: Source: Type: AWS::Lambda::Function Arn: !GetAtt MyFunction.Arn RoleName: !Ref MyRole Destination: Type: AWS::DynamoDB::Table Arn: !GetAtt MyTable.Arn Permissions: - Read