E1040 raised when using !GetAtt on Outputs from AWS::ServiceCatalog::CloudFormationProvisionedProduct

[kylekluever]

CloudFormation Lint Version

cfn-lint 1.5.1

What operating system are you using?

Amazon Linux

Describe the bug

When running this command:

pipenv run cfn-lint --template ./test/success/sc-product.yaml

on the reproduction template I receive an E1040 error message:

E1040 {'Fn::GetAtt': ['VpcProduct', 'Outputs.VpcId']} that does not match 'AWS::EC2::VPC.Id'
test/success/sc-product.yaml:28:7

Expected behavior

I would think the !GetAtt VpcProduct.Outputs.VpcId should be allowed as the value for the VpcId property on the AWS::EC2::VpcEndpoint resource.

Would the fix be to add AWS::ServiceCatalog::CloudFormationProvisionedProduct resource type to the exclusions like #3346 did? I could try a PR for that if that's the solution.

Reproduction template

AWSTemplateFormatVersion: "2010-09-09"
Description: Create a VPC from Service Catalog

Parameters:
  VpcName:
    Type: String
    Description: The name of the VPC
  VpcSize:
    Type: String
    Description: Size of the VPC

Resources:
  VpcProduct:
    Type: AWS::ServiceCatalog::CloudFormationProvisionedProduct
    Properties:
      ProductId: "{{resolve:ssm:/org/sfg/servicecatalog/product_ids/vpc:1}}"
      ProvisioningArtifactName: v1.0.0
      ProvisioningParameters:
        - Key: VpcName
          Value: !Ref VpcName
        - Key: VpcSize
          Value: !Ref VpcSize

  DynamoDbEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Sub com.amazonaws.${AWS::Region}.dynamodb
      VpcId: !GetAtt VpcProduct.Outputs.VpcId
      RouteTableIds:
        - !GetAtt VpcProduct.Outputs.PrivateSubnetRouteTable

[kddejong]

Yea that should fix it.