Trying to create an IAM role for lambda to call AppSync API from the lambda function. But having trouble with referencing the Appsync resource.
The serverless.yml (truncated):
provider:
iam:
role:
statements:
- Effect: 'Allow'
Action:
- 'appsync:GraphQL'
Resource: !Sub ${appsync:arn}/types/Mutation/fields/*
resources:
Outputs:
apiArn:
Value: ${appsync:arn}
appSync:
name: AppSync-api
...
Used the reference variable ${appsync:arn} as mentioned in the Serverless AppSync Plugin
But running this giving me an error:
Cannot resolve serverless.yml: Variables resolution errored with:
- Cannot resolve variable at "provider.iam.role.statements.6.Resource.Fn::Sub": String value consist of variable which resolve with non-string value
If I hardcode the arn with currently deployed API arn in Resource, I get the expected arn in Outputs after successful deployment. So, how can I dynamically reference the AppSync Api Arn in IAM role statement?
