CloudFormation Template error: every Fn::GetAtt object requires two non-empty parameters

I have made a nested CloudFormation stack that in this case references a Lambda child stack. Because I have multiple LambdaFunctions, I designed the LambdaFunction resource in the Lambda child template such that it can repeat the same actions across all the Lambda Functions specified in the Parent template.

However, I get the following error once I execute create-stack: Template error: every Fn::GetAtt object requires two non-empty parameters, the resource name and the resource attribute, which is pointing to the Lambda Child template.

I tried adding a DependsOn clause in which I listed all the LambdaExecutionRoles, since the LambdaFunction references those, but that didn't appear to resolve the issue. So something is either going wrong with taking in the LambdaName parameter or grabbing the Arn. Any thoughts?

Portion of Parent template:

AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AlignmentLambdaFuncS3BucketName:
    Type: String
  AlignmentLambdaFuncS3KeyName:
    Type: String
  AlignmentLambdaFuncModuleName:
    Type: String
  HaploLambdaFuncS3BucketName:
    Type: String
  HaploLambdaFuncS3KeyName:
    Type: String
  HaploLambdaFuncModuleName:
    Type: String

Resources:
  AlignmentLambdaFunction:
    Type: "AWS::CloudFormation::Stack"
    Properties:
      Parameters:
        LambdaName: Alignment
        BucketName: LambdaFuncS3BucketName
        S3KeyName: LambdaFuncS3KeyName
        ModuleName: LambdaFuncModuleName
      TemplateURL: https://s3.amazonaws.com/CFNTemplate/lambda_resources.stack.yaml
      TimeoutInMinutes: 1

  HaploLambdaFunction:
    Type: "AWS::CloudFormation::Stack"
    Properties:
      Parameters:
        LambdaName: Haplo
        BucketName: LambdaFuncS3BucketName
        S3KeyName: LambdaFuncS3KeyName
        ModuleName: LambdaFuncModuleName
      TemplateURL: https://s3.amazonaws.com/CFNTemplate/lambda_resources.stack.yaml
      TimeoutInMinutes: 1

Portion of Lambda child template:

AWSTemplateFormatVersion: '2010-09-09'
Description: lambda function and execution role stack.
Parameters:
  LambdaName:
    Type: String
  BucketName:
    Type: String
  S3KeyName:
    Type: String
  ModuleName:
    Type: String
  KMSAdminUserARN:
    Type: String
  KMSEndUserARN:
    Type: String

Resources:
  LambdaFunction: 
    Type: "AWS::Lambda::Function"
    Properties:
      Handler: !Sub '${LambdaName}-${ModuleName}.handler'
      Role:
        Fn::GetAtt: [ !Sub '${LambdaName}LambdaExecutionRole', Arn ]
      Code:
        S3Bucket: !Sub '${LambdaName}${BucketName}'
        S3Key: !Sub '${LambdaName}${S3KeyName}'
      Runtime: "python3.6"



  AlignmentLambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: CanListBuckets
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "s3:GetBucketLocation"
                  - "s3:ListAllMyBuckets"
                Resource: "arn:aws:s3:::*"
        - PolicyName: CanCallBatch
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "batch:*"
                Resource: "*"
        - PolicyName: CanLog
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - logs:*
              Resource: arn:aws:logs:*:*:*

  HaploLambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: CanListBuckets
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "s3:GetBucketLocation"
                  - "s3:ListAllMyBuckets"
                Resource: "arn:aws:s3:::*"
        - PolicyName: CanCallBatch
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "batch:*"
                Resource: "*"
        - PolicyName: CanLog
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
            - Effect: Allow
              Action:
              - logs:*
              Resource: arn:aws:logs:*:*:*

claudiadast asked Oct 19 '25 16:10


1 Answer

Unfortunately, you can't use any functions (for example, Sub) inside Fn::GetAtt's logical resource name:

For the Fn::GetAtt logical resource name, you cannot use functions. You must specify a string that is a resource's logical ID.

Source: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html

spg answered Oct 21 '25 06:10
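
One way to restructure the child template so that Fn::GetAtt receives a literal logical ID, as an added example that is not part of the original answer. Logical IDs are scoped to a single stack and each nested stack is its own stack, so one fixed role ID can serve both the Alignment and Haplo instances. The logical ID `LambdaExecutionRole`, the trimmed policy list, and the assumption that the parent passes the real bucket and key values are choices made for this example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Lambda function and execution role stack (instantiated once per nested stack).
Parameters:
  LambdaName:
    Type: String
  BucketName:
    Type: String
  S3KeyName:
    Type: String
  ModuleName:
    Type: String

Resources:
  # Fixed logical ID (example name). The Alignment and Haplo nested stacks each
  # get their own copy of this role; with no RoleName set, CloudFormation
  # generates a distinct physical name per stack, so the two do not collide.
  LambdaExecutionRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        # Only one of the question's three policies is repeated here for brevity.
        - PolicyName: CanListBuckets
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "s3:GetBucketLocation"
                  - "s3:ListAllMyBuckets"
                Resource: "arn:aws:s3:::*"

  LambdaFunction:
    Type: "AWS::Lambda::Function"
    Properties:
      Handler: !Sub '${LambdaName}-${ModuleName}.handler'
      # Literal logical ID: no intrinsic function inside GetAtt's resource name.
      Role: !GetAtt LambdaExecutionRole.Arn
      Code:
        # Assumes the parent passes actual values, e.g. !Ref AlignmentLambdaFuncS3BucketName.
        S3Bucket: !Ref BucketName
        S3Key: !Ref S3KeyName
      Runtime: "python3.6"
```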