serverless-operations
diff --git a/‎lib/package/dynamodb/compileIamRoleToDynamodb.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/dynamodb/compileIamRoleToDynamodb.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/package/dynamodb/compileIamRoleToDynamodb.test.js
Lines changed: 3 additions & 3 deletions b/‎lib/package/dynamodb/compileIamRoleToDynamodb.test.js
Lines changed: 3 additions & 3 deletions
diff --git a/‎lib/package/dynamodb/compileMethodsToDynamodb.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/dynamodb/compileMethodsToDynamodb.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/package/dynamodb/compileMethodsToDynamodb.test.js
Lines changed: 5 additions & 5 deletions b/‎lib/package/dynamodb/compileMethodsToDynamodb.test.js
Lines changed: 5 additions & 5 deletions
diff --git a/‎lib/package/eventbridge/compileIamRoleToEventBridge.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/eventbridge/compileIamRoleToEventBridge.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/package/eventbridge/compileIamRoleToEventBridge.test.js
Lines changed: 2 additions & 2 deletions b/‎lib/package/eventbridge/compileIamRoleToEventBridge.test.js
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/package/eventbridge/compileMethodsToEventBridge.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/eventbridge/compileMethodsToEventBridge.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/package/eventbridge/compileMethodsToEventBridge.test.js
Lines changed: 5 additions & 5 deletions b/‎lib/package/eventbridge/compileMethodsToEventBridge.test.js
Lines changed: 5 additions & 5 deletions
diff --git a/‎lib/package/kinesis/compileIamRoleToKinesis.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/kinesis/compileIamRoleToKinesis.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/package/kinesis/compileIamRoleToKinesis.test.js
Lines changed: 2 additions & 2 deletions b/‎lib/package/kinesis/compileIamRoleToKinesis.test.js
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/package/kinesis/compileMethodsToKinesis.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/kinesis/compileMethodsToKinesis.js
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/package/kinesis/compileMethodsToKinesis.test.js
Lines changed: 5 additions & 5 deletions b/‎lib/package/kinesis/compileMethodsToKinesis.test.js
Lines changed: 5 additions & 5 deletions
diff --git a/‎lib/package/s3/compileIamRoleToS3.js
Lines changed: 9 additions & 7 deletions b/‎lib/package/s3/compileIamRoleToS3.js
Lines changed: 9 additions & 7 deletions
diff --git a/‎lib/package/s3/compileIamRoleToS3.test.js
Lines changed: 46 additions & 21 deletions b/‎lib/package/s3/compileIamRoleToS3.test.js
Lines changed: 46 additions & 21 deletions
diff --git a/‎lib/package/s3/compileMethodsToS3.js
Lines changed: 1 addition & 1 deletion b/‎lib/package/s3/compileMethodsToS3.js
Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ module.exports = {
         Action: `dynamodb:${action}`,
         Resource: {
           'Fn::Sub': [
-            'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
+            'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
             { tableName }
           ]
         }
 
@@ -96,7 +96,7 @@ describe('#compileIamRoleToDynamodb()', () => {
                     Action: 'dynamodb:PutItem',
                     Resource: {
                       'Fn::Sub': [
-                        'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
+                        'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
                         {
                           tableName: { Ref: 'mytable' }
                         }
@@ -108,7 +108,7 @@ describe('#compileIamRoleToDynamodb()', () => {
                     Action: 'dynamodb:GetItem',
                     Resource: {
                       'Fn::Sub': [
-                        'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
+                        'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
                         {
                           tableName: 'mytable'
                         }
@@ -120,7 +120,7 @@ describe('#compileIamRoleToDynamodb()', () => {
                     Action: 'dynamodb:DeleteItem',
                     Resource: {
                       'Fn::Sub': [
-                        'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
+                        'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',
                         {
                           tableName: 'mytable'
                         }
 
@@ -53,7 +53,7 @@ module.exports = {
       },
       Uri: {
         'Fn::Sub': [
-          'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+          'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
           { action: http.action }
         ]
       },
 
@@ -146,7 +146,7 @@ describe('#compileMethodsToDynamodb()', () => {
 
     const uri = {
       'Fn::Sub': [
-        'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+        'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
         {
           action: 'PutItem'
         }
@@ -183,7 +183,7 @@ describe('#compileMethodsToDynamodb()', () => {
 
     const uri = {
       'Fn::Sub': [
-        'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+        'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
         {
           action: 'GetItem'
         }
@@ -220,7 +220,7 @@ describe('#compileMethodsToDynamodb()', () => {
 
     const uri = {
       'Fn::Sub': [
-        'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+        'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
         {
           action: 'DeleteItem'
         }
@@ -757,7 +757,7 @@ describe('#compileMethodsToDynamodb()', () => {
               Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },
               Uri: {
                 'Fn::Sub': [
-                  'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+                  'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
                   { action: 'PutItem' }
                 ]
               },
@@ -873,7 +873,7 @@ describe('#compileMethodsToDynamodb()', () => {
               Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },
               Uri: {
                 'Fn::Sub': [
-                  'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',
+                  'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',
                   { action: 'PutItem' }
                 ]
               },
 
@@ -19,7 +19,7 @@ module.exports = {
 
     const policyResource = eventBusNames.map((eventBusName) => ({
       'Fn::Sub': [
-        'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
+        'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
         { eventBusName }
       ]
     }))
 
@@ -83,13 +83,13 @@ describe('#compileIamRoleToEventBridge()', () => {
                     Resource: [
                       {
                         'Fn::Sub': [
-                          'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
+                          'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
                           { eventBusName: { Ref: 'EventBus1' } }
                         ]
                       },
                       {
                         'Fn::Sub': [
-                          'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
+                          'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',
                           { eventBusName: { Ref: 'EventBus2' } }
                         ]
                       }
 
@@ -53,7 +53,7 @@ module.exports = {
       Type: 'AWS',
       Credentials: roleArn,
       Uri: {
-        'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
+        'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
       },
       PassthroughBehavior: 'NEVER',
       RequestParameters: {
 
@@ -69,7 +69,7 @@ describe('#compileMethodsToEventBridge()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
             },
             PassthroughBehavior: 'NEVER',
             RequestParameters: {
@@ -189,7 +189,7 @@ describe('#compileMethodsToEventBridge()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
             },
             PassthroughBehavior: 'NEVER',
             RequestParameters: {
@@ -308,7 +308,7 @@ describe('#compileMethodsToEventBridge()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
             },
             PassthroughBehavior: 'NEVER',
             RequestParameters: {
@@ -687,7 +687,7 @@ describe('#compileMethodsToEventBridge()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
             },
             PassthroughBehavior: 'NEVER',
             RequestParameters: {
@@ -794,7 +794,7 @@ describe('#compileMethodsToEventBridge()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToEventBridgeRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:events:action/PutEvents'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:events:action/PutEvents'
             },
             PassthroughBehavior: 'NEVER',
             RequestParameters: {
 
@@ -19,7 +19,7 @@ module.exports = {
 
     const policyResource = kinesisStreamNames.map((streamName) => ({
       'Fn::Sub': [
-        'arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
+        'arn:${AWS::Partition}:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
         { streamName }
       ]
     }))
 
@@ -83,13 +83,13 @@ describe('#compileIamRoleToKinesis()', () => {
                     Resource: [
                       {
                         'Fn::Sub': [
-                          'arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
+                          'arn:${AWS::Partition}:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
                           { streamName: { Ref: 'KinesisStream1' } }
                         ]
                       },
                       {
                         'Fn::Sub': [
-                          'arn:aws:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
+                          'arn:${AWS::Partition}:kinesis:${AWS::Region}:${AWS::AccountId}:stream/${streamName}',
                           { streamName: { Ref: 'KinesisStream2' } }
                         ]
                       }
 
@@ -53,7 +53,7 @@ module.exports = {
       Type: 'AWS',
       Credentials: roleArn,
       Uri: {
-        'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+        'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:kinesis:action/PutRecord'
       },
       PassthroughBehavior: 'NEVER',
       RequestTemplates: this.getKinesisIntegrationRequestTemplates(http)
 
@@ -68,7 +68,7 @@ describe('#compileMethodsToKinesis()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToKinesisRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:kinesis:action/PutRecord'
             },
             PassthroughBehavior: 'NEVER',
             RequestTemplates: {
@@ -181,7 +181,7 @@ describe('#compileMethodsToKinesis()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToKinesisRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:kinesis:action/PutRecord'
             },
             PassthroughBehavior: 'NEVER',
             RequestTemplates: {
@@ -293,7 +293,7 @@ describe('#compileMethodsToKinesis()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToKinesisRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:kinesis:action/PutRecord'
             },
             PassthroughBehavior: 'NEVER',
             RequestTemplates: {
@@ -707,7 +707,7 @@ describe('#compileMethodsToKinesis()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToKinesisRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:kinesis:action/PutRecord'
             },
             PassthroughBehavior: 'NEVER',
             RequestTemplates: {
@@ -807,7 +807,7 @@ describe('#compileMethodsToKinesis()', () => {
             Type: 'AWS',
             Credentials: { 'Fn::GetAtt': ['ApigatewayToKinesisRole', 'Arn'] },
             Uri: {
-              'Fn::Sub': 'arn:aws:apigateway:${AWS::Region}:kinesis:action/PutRecord'
+              'Fn::Sub': 'arn:${AWS::Partition}:apigateway:${AWS::Region}:kinesis:action/PutRecord'
             },
             PassthroughBehavior: 'NEVER',
             RequestTemplates: {
 
@@ -12,7 +12,14 @@ function convertToArn(bucket) {
       'Fn::GetAtt': [logicalId, 'Arn']
     }
   } else {
-    return `arn:aws:s3:::${bucket}`
+    return {
+      'Fn::Sub': [
+        'arn:${AWS::Partition}:s3:::${bucket}',
+        {
+          bucket
+        }
+      ]
+    }
   }
 }
 
@@ -40,12 +47,7 @@ module.exports = {
         Effect: 'Allow',
         Action: `s3:${action}*`, // e.g. PutObject*, GetObject*, DeleteObject*
         Resource: {
-          'Fn::Sub': [
-            '${bucket}/*',
-            {
-              bucket: convertToArn(bucket)
-            }
-          ]
+          'Fn::Join': ['', [convertToArn(bucket), '/*']]
         }
       }
     })
 
@@ -103,49 +103,74 @@ describe('#compileIamRoleToS3()', () => {
                     Effect: 'Allow',
                     Action: 's3:PutObject*',
                     Resource: {
-                      'Fn::Sub': [
-                        '${bucket}/*',
-                        {
-                          bucket: 'arn:aws:s3:::myBucket'
-                        }
+                      'Fn::Join': [
+                        '',
+                        [
+                          {
+                            'Fn::Sub': [
+                              'arn:${AWS::Partition}:s3:::${bucket}',
+                              {
+                                bucket: 'myBucket'
+                              }
+                            ]
+                          },
+                          '/*'
+                        ]
                       ]
                     }
                   },
                   {
                     Effect: 'Allow',
                     Action: 's3:GetObject*',
                     Resource: {
-                      'Fn::Sub': [
-                        '${bucket}/*',
-                        {
-                          bucket: 'arn:aws:s3:::myBucket'
-                        }
+                      'Fn::Join': [
+                        '',
+                        [
+                          {
+                            'Fn::Sub': [
+                              'arn:${AWS::Partition}:s3:::${bucket}',
+                              {
+                                bucket: 'myBucket'
+                              }
+                            ]
+                          },
+                          '/*'
+                        ]
                       ]
                     }
                   },
                   {
                     Effect: 'Allow',
                     Action: 's3:DeleteObject*',
                     Resource: {
-                      'Fn::Sub': [
-                        '${bucket}/*',
-                        {
-                          bucket: {
+                      'Fn::Join': [
+                        '',
+                        [
+                          {
                             'Fn::GetAtt': ['MyBucket', 'Arn']
-                          }
-                        }
+                          },
+                          '/*'
+                        ]
                       ]
                     }
                   },
                   {
                     Effect: 'Allow',
                     Action: 's3:PutObject*',
                     Resource: {
-                      'Fn::Sub': [
-                        '${bucket}/*',
-                        {
-                          bucket: 'arn:aws:s3:::myBucketV2'
-                        }
+                      'Fn::Join': [
+                        '',
+                        [
+                          {
+                            'Fn::Sub': [
+                              'arn:${AWS::Partition}:s3:::${bucket}',
+                              {
+                                bucket: 'myBucketV2'
+                              }
+                            ]
+                          },
+                          '/*'
+                        ]
                       ]
                     }
                   }
 
@@ -153,7 +153,7 @@ module.exports = {
       Type: 'AWS',
       Credentials: roleArn,
       Uri: {
-        'Fn::Sub': ['arn:aws:apigateway:${AWS::Region}:s3:path/' + pather, {}]
+        'Fn::Sub': ['arn:${AWS::Partition}:apigateway:${AWS::Region}:s3:path/' + pather, {}]
       },
       PassthroughBehavior: 'WHEN_NO_MATCH',
       RequestParameters: _.merge(requestParams, http.requestParameters)
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ module.exports = {`
`26`	`26`	Action: `dynamodb:${action}`,
`27`	`27`	`Resource: {`
`28`	`28`	`'Fn::Sub': [`
`29`		`- 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
	`29`	`+ 'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
`30`	`30`	`{ tableName }`
`31`	`31`	`]`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ describe('#compileIamRoleToDynamodb()', () => {`
`96`	`96`	`Action: 'dynamodb:PutItem',`
`97`	`97`	`Resource: {`
`98`	`98`	`'Fn::Sub': [`
`99`		`- 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
	`99`	`+ 'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
`100`	`100`	`{`
`101`	`101`	`tableName: { Ref: 'mytable' }`
`102`	`102`	`}`
`@@ -108,7 +108,7 @@ describe('#compileIamRoleToDynamodb()', () => {`
`108`	`108`	`Action: 'dynamodb:GetItem',`
`109`	`109`	`Resource: {`
`110`	`110`	`'Fn::Sub': [`
`111`		`- 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
	`111`	`+ 'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
`112`	`112`	`{`
`113`	`113`	`tableName: 'mytable'`
`114`	`114`	`}`
`@@ -120,7 +120,7 @@ describe('#compileIamRoleToDynamodb()', () => {`
`120`	`120`	`Action: 'dynamodb:DeleteItem',`
`121`	`121`	`Resource: {`
`122`	`122`	`'Fn::Sub': [`
`123`		`- 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
	`123`	`+ 'arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}',`
`124`	`124`	`{`
`125`	`125`	`tableName: 'mytable'`
`126`	`126`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ module.exports = {`
`53`	`53`	`},`
`54`	`54`	`Uri: {`
`55`	`55`	`'Fn::Sub': [`
`56`		`- 'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',`
	`56`	`+ 'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',`
`57`	`57`	`{ action: http.action }`
`58`	`58`	`]`
`59`	`59`	`},`
Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ describe('#compileMethodsToDynamodb()', () => {`
`146`	`146`
`147`	`147`	`const uri = {`
`148`	`148`	`'Fn::Sub': [`
`149`		`- 'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',`
	`149`	`+ 'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',`
`150`	`150`	`{`
`151`	`151`	`action: 'PutItem'`
`152`	`152`	`}`
`@@ -183,7 +183,7 @@ describe('#compileMethodsToDynamodb()', () => {`
`183`	`183`
`184`	`184`	`const uri = {`
`185`	`185`	`'Fn::Sub': [`
`186`		`- 'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',`
	`186`	`+ 'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',`
`187`	`187`	`{`
`188`	`188`	`action: 'GetItem'`
`189`	`189`	`}`
`@@ -220,7 +220,7 @@ describe('#compileMethodsToDynamodb()', () => {`
`220`	`220`
`221`	`221`	`const uri = {`
`222`	`222`	`'Fn::Sub': [`
`223`		`- 'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',`
	`223`	`+ 'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',`
`224`	`224`	`{`
`225`	`225`	`action: 'DeleteItem'`
`226`	`226`	`}`
`@@ -757,7 +757,7 @@ describe('#compileMethodsToDynamodb()', () => {`
`757`	`757`	`Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },`
`758`	`758`	`Uri: {`
`759`	`759`	`'Fn::Sub': [`
`760`		`- 'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',`
	`760`	`+ 'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',`
`761`	`761`	`{ action: 'PutItem' }`
`762`	`762`	`]`
`763`	`763`	`},`
`@@ -873,7 +873,7 @@ describe('#compileMethodsToDynamodb()', () => {`
`873`	`873`	`Credentials: { 'Fn::GetAtt': ['ApigatewayToDynamodbRole', 'Arn'] },`
`874`	`874`	`Uri: {`
`875`	`875`	`'Fn::Sub': [`
`876`		`- 'arn:aws:apigateway:${AWS::Region}:dynamodb:action/${action}',`
	`876`	`+ 'arn:${AWS::Partition}:apigateway:${AWS::Region}:dynamodb:action/${action}',`
`877`	`877`	`{ action: 'PutItem' }`
`878`	`878`	`]`
`879`	`879`	`},`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ module.exports = {`
`19`	`19`
`20`	`20`	`const policyResource = eventBusNames.map((eventBusName) => ({`
`21`	`21`	`'Fn::Sub': [`
`22`		`- 'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',`
	`22`	`+ 'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',`
`23`	`23`	`{ eventBusName }`
`24`	`24`	`]`
`25`	`25`	`}))`
Original file line number	Diff line number	Diff line change
`@@ -83,13 +83,13 @@ describe('#compileIamRoleToEventBridge()', () => {`
`83`	`83`	`Resource: [`
`84`	`84`	`{`
`85`	`85`	`'Fn::Sub': [`
`86`		`- 'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',`
	`86`	`+ 'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',`
`87`	`87`	`{ eventBusName: { Ref: 'EventBus1' } }`
`88`	`88`	`]`
`89`	`89`	`},`
`90`	`90`	`{`
`91`	`91`	`'Fn::Sub': [`
`92`		`- 'arn:aws:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',`
	`92`	`+ 'arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/${eventBusName}',`
`93`	`93`	`{ eventBusName: { Ref: 'EventBus2' } }`
`94`	`94`	`]`
`95`	`95`	`}`
Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,14 @@ function convertToArn(bucket) {`
`12`	`12`	`'Fn::GetAtt': [logicalId, 'Arn']`
`13`	`13`	`}`
`14`	`14`	`} else {`
`15`		- return `arn:aws:s3:::${bucket}`
	`15`	`+ return {`
	`16`	`+ 'Fn::Sub': [`
	`17`	`+ 'arn:${AWS::Partition}:s3:::${bucket}',`
	`18`	`+ {`
	`19`	`+ bucket`
	`20`	`+ }`
	`21`	`+ ]`
	`22`	`+ }`
`16`	`23`	`}`
`17`	`24`	`}`
`18`	`25`
`@@ -40,12 +47,7 @@ module.exports = {`
`40`	`47`	`Effect: 'Allow',`
`41`	`48`	Action: `s3:${action}`, // e.g. PutObject, GetObject, DeleteObject
`42`	`49`	`Resource: {`
`43`		`- 'Fn::Sub': [`
`44`		`- '${bucket}/*',`
`45`		`- {`
`46`		`- bucket: convertToArn(bucket)`
`47`		`- }`
`48`		`- ]`
	`50`	`+ 'Fn::Join': ['', [convertToArn(bucket), '/*']]`
`49`	`51`	`}`
`50`	`52`	`}`
`51`	`53`	`})`