AWS::EC2::TrafficMirrorTarget - Arn accessible via Fn::GetAtt

[akunszt]

1. Title

AWS::EC2::TrafficMirrorTarget - Arn accessible via Fn::GetAtt

2. Scope of request

We want to share a TrafficMirrorTarget between our accounts. The AWS::RAM::ResourceShare accepts only ARNs so we have to assemble the ARN of the TrafficMirrorTarget manually (and hoping that the template won't change without any notice in the future). It's a snippet from an AWS::RAM::ResourceShare resource.

"ResourceArns": [
  {
    "Fn::Sub": [
      "arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:traffic-mirror-target/${MirrorTargetId}",
      { "MirrorTargetId": { "Ref": "MirrorTarget" } }
    ]
  }
]

It would be much more easier - and future proof - if we can fetch the ARN directly.

"ResourceArns": [
  { "Fn::GetAtt": [ "MirrorTarget", "Arn" ] }
]

3. Expected behavior

Get back the ARN.

4. Suggest specific test cases

N/A

5. Helpful Links to speed up research and evaluation

N/A

6. Category

Networking

7. Any additional context

N/A

[PatMyron]

@akunszt good work on the workaround. One way to future proof it a bit more is the usage of the AWS::Partition pseudoparameter as described in: https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/68#issuecomment-548926406 https://stackoverflow.com/a/59362496/4122849

      "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:traffic-mirror-target/${MirrorTargetId}",

[phil-lavin]

+1 for ARN being available via Fn::GetAtt

Thanks for the workaround - I had figured the solution was something like this but TMTs don't seem to openly advertise their ARN in AWS console or CLI