# Execution role for the Lambda function: a trust policy, the AWS-managed
# basic logging policy, and one inline policy for DynamoDB access.
LambdaRole:
  Type: AWS::IAM::Role
  Properties:
    # Trust policy: only the Lambda service principal may assume this role.
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    # Explicitly named IAM role: the stack must be deployed with
    # CAPABILITY_NAMED_IAM. IAM role names are unique per account, not per
    # region, so reusing the same `Lambda` value in a second region collides.
    # NOTE(review): `Lambda` is defined outside this snippet (parameter or
    # logical resource id); confirm which.
    RoleName: !Sub '${Lambda}Role'
    ManagedPolicyArns:
      # AWS-managed policy that lets the function write to CloudWatch Logs.
      - 'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
    Policies:
      - PolicyName: 'CanAccessDynamoDB'
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            # Read (GetItem, BatchGetItem, Scan) and insert/overwrite
            # (PutItem) only; no update, delete or table-management actions.
            # Scan can read every item in the table, so keep it only if the
            # function really needs full-table reads.
            - Effect: Allow
              Action:
                - 'dynamodb:GetItem'
                - 'dynamodb:BatchGetItem'
                - 'dynamodb:Scan'
                - 'dynamodb:PutItem'
              # Scoped to a single resource rather than '*'.
              # NOTE(review): presumably `TableARN` is a parameter holding the
              # table ARN. If it is an AWS::DynamoDB::Table logical id, Ref
              # returns the table name, not the ARN; confirm. A table ARN
              # does not cover the table's indexes.
              Resource:
                - !Ref TableARN