Error when creating VPC endpoint and Security group using serverless-vpc-plugin

Serverless Framework
, ,
1

Hello, when I run the deploy command, I receive the error:
CREATE_FAILED: AppSecurityGroup (AWS::EC2::SecurityGroup)
Exactly one of CidrIp, CidrIpv6, DestinationSecurityGroupId, and DestinationPrefixListId must be specified and not empty

I have to make an API Gateway private.
For this, I need to attach a vpce to vpcEndpointIds.

So I have to create from serverless: the VPC endpoint (.execute-api) and a Security Group (all inbound/outbound traffic) that I should attach to the VPC endpoint.
Then I can add this VPC endpoint to vpcEndpointIds.

For this I used the serverless-vpc-plugin as can be seen in the following code:

frameworkVersion: '3'

plugins:
  ...
  - serverless-vpc-plugin

custom:
  ...
  vpcEndpointId: { "Fn::GetAtt": ["MyVpcEndpoint", "VpcEndpointId"] }


provider:
  name: aws
  endpointType: PRIVATE
  vpcEndpointIds:
    - ${self:custom.vpcEndpointId}

  apiGateway:
    ...
    resourcePolicy:
      - Effect: Allow
        Principal: "*"
        Action: execute-api:Invoke
        Resource:
          - "arn:aws:execute-api:${self:provider.region}:${aws:accountId}:${self:custom.apiEndpointId.${self:provider.stage}}/*"
      - Effect: "Deny"
        Principal: "*"
        Action: execute-api:Invoke
        Resource:
          - "arn:aws:execute-api:${self:provider.region}:${aws:accountId}:${self:custom.apiEndpointId.${self:provider.stage}}/*"
        Condition:
          StringNotEquals:
            aws:sourceVpce:
              - ${self:custom.vpcEndpointId}
  ...

resources:
  Resources:
    MySecurityGroup:
      Type: AWS::EC2::SecurityGroup
      Properties:
        GroupName: 'SG-BKOF-${self:provider.stage}'
        GroupDescription: 'SG for BKOF'
        VpcId: vpc-12.....
        SecurityGroupIngress:
          - IpProtocol: "-1"
            FromPort: 0
            ToPort: 65535
            CidrIp: 0.0.0.0/0
        SecurityGroupEgress:
          - IpProtocol: -1
            FromPort: 0
            ToPort: 65535
            CidrIp: 0.0.0.0/0
  
    MyVpcEndpoint:
      Type: AWS::EC2::VPCEndpoint
      Properties:
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal: '*'
              Action: '*'
              Resource: '*'
        ServiceName: !Sub 'com.amazonaws.${self:provider.region}.execute-api'
        VpcId: vpc-12.....
        VpcEndpointType: Interface
        PrivateDnsEnabled: true
        SecurityGroupIds:
          - { "Fn::GetAtt": ["MySecurityGroup", "GroupId"] }
        SubnetIds:
          - ${ssm:/network/VPC/Subnets/${self:provider.stage}-...}
          - ${ssm:/network/VPC/Subnets/${self:provider.stage}-...}
          - ${ssm:/network/VPC/Subnets/${self:provider.stage}-...}

I really need help because I’ve tried many options and I can’t get rid of this error.
Thank you!