AWS rolePermissionsBoundary: how to get account ID

I’m trying to use rolePermissionsBoundary, but I’m not sure how to use it without hardcoding the account ID (because there’s a different boundary in dev/test/prod accounts).

I know you can get the account in CloudFormation pieces with #{AWS::AccountId}, but that doesn’t seem to work in the non-CF portions such as rolePermissionsBoundary. Is there a way to reference the account ID there?

I tried (with and without quotes):

rolePermissionsBoundary: "arn:aws:iam::#{AWS::AccountId}:policy/dev_boundary"

Got it working with the serverless-pseudo-parameters plugin. That’s not supposed to be required anymore, but using it made it work properly.