Deployment to AWS fails when trying to read API Key value from SSM parameter store

Serverless Framework
,
1

Hi guys,

I’m relatively new to Serverless and AWS, so I’m sorry in advance if there’s something obviously wrong with the way I’m trying to do this.

I have one Serverless service which is running for a couple of months now:

service:
  name: myService1

package:
  individually: true

plugins:
  - serverless-webpack
  - serverless-offline-ssm
  - serverless-offline
  - serverless-reqvalidator-plugin
  - serverless-aws-documentation
  - serverless-domain-manager
  - serverless-api-gateway-caching

custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true
  documentation: XXX
  config: XXX
  customDomain:
    domainName: XXX
    stage: ${self:provider.stage}
    basePath: XXX
    certificateName: ${self:custom.config.${self:provider.stage}.certificateName}
    createRoute53Record: true
    endpointType: 'regional'
    securityPolicy: tls_1_2
  apiGatewayCaching:
    enabled: true
    ttlInSeconds: 3600
    clusterSize: '0.5'

provider:
  name: aws
  runtime: nodejs12.x
  region: eu-central-1
  stage: ${opt:stage, 'dev'}
  memorySize: 256
  timeout: 30
  versionFunctions: false
  logRetentionInDays: 14
  endpointType: REGIONAL
  apiKeys:
    - free:
        - myKey-${self:provider.stage}
  usagePlan:
    - free:
        throttle:
          burstLimit: 2000
          rateLimit: 1000
  apiGateway:
    minimumCompressionSize: 1024
  environment:
    AWS_NODEJS_CONNECTION_REUSE_ENABLED: 1
    STAGE: ${self:provider.stage}
  iamRoleStatements:
    - Effect: Allow
      Action:
        - ssm:DescribeParameters
        - ssm:GetParameter
        - ssm:PutParameter
        - ssm:GetParameters
        - kms:Decrypt
      Resource: 'arn:aws:ssm:${self:provider.region}:*:*'

functions: XXX


resources:
  Resources:
    RequestParamsValidator:
      Type: AWS::ApiGateway::RequestValidator
      Properties:
        Name: request-params-validator-${self:provider.stage}
        RestApiId:
          Ref: ApiGatewayRestApi
        ValidateRequestBody: false
        ValidateRequestParameters: true

A couple of days ago I’ve added a second service and I was experimenting on using predefined keys so I could have shared keys for multiple APIs. The second serverless.yml is almost identical except for this part:

  apiKeys:
    - free:
        - name: myOtherKey
          value: ${ssm:/path/to/my/key}

When I try to deploy the second service I’m getting this:

 Serverless Error ---------------------------------------

An error occurred: ApiGatewayApiKeyFree1 - API Key already exists (Service: AmazonApiGateway; Status Code: 409; Error Code: ConflictException; Request ID: b541d334-049c-487d-a2bd-6540d8e9dc1e).

The output above is related to the fact that there’s already a resource with the logical id of ApiGatewayApiKeyFree1 present in the CloudFormation stack of the first service.

Funnily enough, when I hardcode the value part the deployment process goes without a hitch and I get the new key deployed:

apiKeys:
    - free:
        - name: myOtherKey
          value: myHardcodedValue12345

Is this a bug? Is there something that I’m missing?

Thanks!