fix: Fix AWS partition reference in APIGW CloudWatch role setup

Addresses issue mentioned in #7100
serverless · Dec 18, 2019 · fc74c28 · fc74c28
1 parent bce8300
commit fc74c28
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/lib/plugins/aws/package/compile/events/lib/ensureApiGatewayCloudWatchRole.js b/lib/plugins/aws/package/compile/events/lib/ensureApiGatewayCloudWatchRole.js
@@ -30,7 +30,10 @@ module.exports = memoize(provider =>
       {
         Effect: 'Allow',
         Resource: {
-          'Fn::Join': [':', ['arn:aws:iam:', { Ref: 'AWS::AccountId' }, 'role/*']],
+          'Fn::Join': [
+            ':',
+            ['arn', { Ref: 'AWS::Partition' }, 'iam:', { Ref: 'AWS::AccountId' }, 'role/*'],
+          ],
         },
         Action: [
           'iam:AttachRolePolicy',
@@ -41,7 +44,9 @@ module.exports = memoize(provider =>
       },
       {
         Effect: 'Allow',
-        Resource: 'arn:aws:apigateway:*::/account',
+        Resource: {
+          'Fn::Join': [':', ['arn', { Ref: 'AWS::Partition' }, 'apigateway:*::/account']],
+        },
         Action: ['apigateway:GET', 'apigateway:PATCH'],
       },
     ]);