Deployment to AWS fails when trying to read API Key value from SSM parameter store

Hi guys,

I’m relatively new to Serverless and AWS, so I’m sorry in advance if there’s something obviously wrong with the way I’m trying to do this.

I have one Serverless service which is running for a couple of months now:

service:
  name: myService1

package:
  individually: true

plugins:
  - serverless-webpack
  - serverless-offline-ssm
  - serverless-offline
  - serverless-reqvalidator-plugin
  - serverless-aws-documentation
  - serverless-domain-manager
  - serverless-api-gateway-caching

custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true
  documentation: XXX
  config: XXX
  customDomain:
    domainName: XXX
    stage: ${self:provider.stage}
    basePath: XXX
    certificateName: ${self:custom.config.${self:provider.stage}.certificateName}
    createRoute53Record: true
    endpointType: 'regional'
    securityPolicy: tls_1_2
  apiGatewayCaching:
    enabled: true
    ttlInSeconds: 3600
    clusterSize: '0.5'

provider:
  name: aws
  runtime: nodejs12.x
  region: eu-central-1
  stage: ${opt:stage, 'dev'}
  memorySize: 256
  timeout: 30
  versionFunctions: false
  logRetentionInDays: 14
  endpointType: REGIONAL
  apiKeys:
    - free:
        - myKey-${self:provider.stage}
  usagePlan:
    - free:
        throttle:
          burstLimit: 2000
          rateLimit: 1000
  apiGateway:
    minimumCompressionSize: 1024
  environment:
    AWS_NODEJS_CONNECTION_REUSE_ENABLED: 1
    STAGE: ${self:provider.stage}
  iamRoleStatements:
    - Effect: Allow
      Action:
        - ssm:DescribeParameters
        - ssm:GetParameter
        - ssm:PutParameter
        - ssm:GetParameters
        - kms:Decrypt
      Resource: 'arn:aws:ssm:${self:provider.region}:*:*'

functions: XXX


resources:
  Resources:
    RequestParamsValidator:
      Type: AWS::ApiGateway::RequestValidator
      Properties:
        Name: request-params-validator-${self:provider.stage}
        RestApiId:
          Ref: ApiGatewayRestApi
        ValidateRequestBody: false
        ValidateRequestParameters: true

A couple of days ago I’ve added a second service and I was experimenting on using predefined keys so I could have shared keys for multiple APIs. The second serverless.yml is almost identical except for this part:

  apiKeys:
    - free:
        - name: myOtherKey
          value: ${ssm:/path/to/my/key}

When I try to deploy the second service I’m getting this:

 Serverless Error ---------------------------------------

An error occurred: ApiGatewayApiKeyFree1 - API Key already exists (Service: AmazonApiGateway; Status Code: 409; Error Code: ConflictException; Request ID: b541d334-049c-487d-a2bd-6540d8e9dc1e).

The output above is related to the fact that there’s already a resource with the logical id of ApiGatewayApiKeyFree1 present in the CloudFormation stack of the first service.

Funnily enough, when I hardcode the value part the deployment process goes without a hitch and I get the new key deployed:

apiKeys:
    - free:
        - name: myOtherKey
          value: myHardcodedValue12345

Is this a bug? Is there something that I’m missing?

Thanks!