Intrinsic function for constructing ARNs

[benkehoe]

ARNs are a pain to create. They aren't always provided (see aws-cloudformation/cloudformation-coverage-roadmap#68), and they all have slightly different formats. We should have a function that assembles ARNs for us. I imagine a syntax like:

{
  "Fn::Arn": {
    "Service": "s3",
    "Resource": "bucket/my-bucket",
    "Account": false,
    "Region": false
  }
}

Resource can be a string or a list, which will get Fn::Join'd by the empty string. If Account is true, it will use the AWS::AccountId pseudoparameter, if false, it will be omitted, and if it's a string, the value will be used. Similar for Region.

What I'd really like is for the user to not have to provide Account and Region for most ARNs. Make them optional, and know the rules. CloudFormation should know that S3 buckets don't have accounts or regions. It's not that hard to build such a thing. And if it's not 100% up to date, users can specify explicitly.

[lejiati]

@benkehoe Thank you very much for your feedback! Since this repository is focused on resource coverage, I'm transferring this issue over to a new GitHub repository dedicated to CloudFormation template language issues.

[bjorg]

I would recommend the function contains an action verb as well, such as Fn::MakeArn.

When I first read the issue title, I thought this was going to fix the pain of knowing when I need to use Ref vs. Fn::GetAtt to get the ARN of a resource. That would be Fn::GetArn instead.

So, for ease of disambiguation of intent, let's always prefix functions with verbs.

[benkehoe]

That's a good point, I've changed the title.