From 9315dee58e058e1596415b2e80aabf13fab15bbf Mon Sep 17 00:00:00 2001
From: John Pignata <john@pignata.com>
Date: Wed, 23 Nov 2022 03:24:25 +0000
Subject: [PATCH] fix(appsync): fully qualify service principal

In aws#22819, a feature flag was added to use standardized service
principal names instead of using a database lookup. This reference
wasn't updated which causes failures in new CDK applications that try
to create AppSync resources. This change passes the fully qualified
service principal when creating a service role for a new data source.

fixes aws#23035
---
 packages/@aws-cdk/aws-appsync/lib/data-source.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/aws-appsync/lib/data-source.ts b/packages/@aws-cdk/aws-appsync/lib/data-source.ts
index 3351c6b18c14a..0ca273a78db8d 100644
--- a/packages/@aws-cdk/aws-appsync/lib/data-source.ts
+++ b/packages/@aws-cdk/aws-appsync/lib/data-source.ts
@@ -113,7 +113,9 @@ export abstract class BaseDataSource extends Construct {
     super(scope, id);
 
     if (extended.type !== 'NONE') {
-      this.serviceRole = props.serviceRole || new Role(this, 'ServiceRole', { assumedBy: new ServicePrincipal('appsync') });
+      this.serviceRole = props.serviceRole || new Role(this, 'ServiceRole', {
+        assumedBy: new ServicePrincipal('appsync.amazonaws.com'),
+      });
     }
     // Replace unsupported characters from DataSource name. The only allowed pattern is: {[_A-Za-z][_0-9A-Za-z]*}
     const name = (props.name ?? id);