diff --git a/packages/@aws-cdk/aws-appsync/lib/data-source.ts b/packages/@aws-cdk/aws-appsync/lib/data-source.ts
index 96c578390dfbc..21646e8573193 100644
--- a/packages/@aws-cdk/aws-appsync/lib/data-source.ts
+++ b/packages/@aws-cdk/aws-appsync/lib/data-source.ts
@@ -3,7 +3,7 @@ import { Grant, IGrantable, IPrincipal, IRole, Role, ServicePrincipal } from '@a
 import { IFunction } from '@aws-cdk/aws-lambda';
 import { IDatabaseCluster } from '@aws-cdk/aws-rds';
 import { ISecret } from '@aws-cdk/aws-secretsmanager';
-import { IResolvable, Stack } from '@aws-cdk/core';
+import { IResolvable, Lazy, Stack } from '@aws-cdk/core';
 import { Construct } from 'constructs';
 import { BaseAppsyncFunctionProps, AppsyncFunction } from './appsync-function';
 import { CfnDataSource } from './appsync.generated';
@@ -318,17 +318,25 @@ export class RdsDataSource extends BackedDataSource {
       relationalDatabaseConfig: {
         rdsHttpEndpointConfig: {
           awsRegion: props.databaseCluster.stack.region,
-          dbClusterIdentifier: props.databaseCluster.clusterIdentifier,
+          dbClusterIdentifier: Lazy.string({
+            produce: () => {
+              return Stack.of(this).formatArn({
+                service: 'rds',
+                resource: `cluster:${props.databaseCluster.clusterIdentifier}`,
+              });
+            },
+          }),
           awsSecretStoreArn: props.secretStore.secretArn,
         },
         relationalDatabaseSourceType: 'RDS_HTTP_ENDPOINT',
       },
     });
-    props.secretStore.grantRead(this);
     const clusterArn = Stack.of(this).formatArn({
       service: 'rds',
       resource: `cluster:${props.databaseCluster.clusterIdentifier}`,
     });
+    props.secretStore.grantRead(this);
+
     // Change to grant with RDS grant becomes implemented
     Grant.addToPrincipal({
       grantee: this,
diff --git a/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts b/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts
index ba0d80d00037b..97cea819de8f3 100644
--- a/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts
+++ b/packages/@aws-cdk/aws-appsync/test/appsync-rds.test.ts
@@ -97,6 +97,32 @@ describe('Rds Data Source configuration', () => {
     });
   });
 
+  test('rds cluster arn saved to RdsHttpEndpointConfig', () => {
+    // WHEN
+    api.addRdsDataSource('ds', cluster, secret);
+
+    // THEN
+    expect(stack).toHaveResourceLike('AWS::AppSync::DataSource', {
+      Type: 'RELATIONAL_DATABASE',
+      RelationalDatabaseConfig: {
+        RdsHttpEndpointConfig: {
+          AwsRegion: { Ref: 'AWS::Region' },
+          AwsSecretStoreArn: { Ref: 'AuroraSecret41E6E877' },
+          DbClusterIdentifier: {
+            'Fn::Join': ['', ['arn:',
+              { Ref: 'AWS::Partition' },
+              ':rds:',
+              { Ref: 'AWS::Region' },
+              ':',
+              { Ref: 'AWS::AccountId' },
+              ':cluster:',
+              { Ref: 'AuroraCluster23D869C0' }]],
+          },
+        },
+      },
+    });
+  });
+
   test('default configuration produces name identical to the id', () => {
     // WHEN
     api.addRdsDataSource('ds', cluster, secret);