chore(appsync): rds data source service integration with grantDataApi (…

…#14671)

Utilize the `grantDataApi` from RDS to complete service integration.

Fixes: #13189 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-appsync/lib/data-source.ts

@@ -350,12 +350,14 @@ export class RdsDataSource extends BackedDataSource {
     props.secretStore.grantRead(this);
 
     // Change to grant with RDS grant becomes implemented
+
+    props.serverlessCluster.grantDataApiAccess(this);
+
     Grant.addToPrincipal({
       grantee: this,
       actions: [
         'rds-data:DeleteItems',
         'rds-data:ExecuteSql',
-        'rds-data:ExecuteStatement',
         'rds-data:GetItems',
         'rds-data:InsertItems',
         'rds-data:UpdateItems',

packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts

@@ -58,11 +58,29 @@ describe('Rds Data Source configuration', () => {
           Effect: 'Allow',
           Resource: { Ref: 'AuroraSecret41E6E877' },
         },
+        {
+          Action: [
+            'rds-data:BatchExecuteStatement',
+            'rds-data:BeginTransaction',
+            'rds-data:CommitTransaction',
+            'rds-data:ExecuteStatement',
+            'rds-data:RollbackTransaction',
+          ],
+          Effect: 'Allow',
+          Resource: '*',
+        },
+        {
+          Action: [
+            'secretsmanager:GetSecretValue',
+            'secretsmanager:DescribeSecret',
+          ],
+          Effect: 'Allow',
+          Resource: { Ref: 'AuroraClusterSecretAttachmentDB8032DA' },
+        },
         {
           Action: [
             'rds-data:DeleteItems',
             'rds-data:ExecuteSql',
-            'rds-data:ExecuteStatement',
             'rds-data:GetItems',
             'rds-data:InsertItems',
             'rds-data:UpdateItems',