Using Functions within custom Conformance Pack resources

Hi,

I need help to use a function that concatenates a parameter with a static value within a remediation rule.

I have the following custom Conformance Pack, where I want to define the AutomationAssumeRole as a parameter.

Parameters:
  ParamAutomationAssumeRole:
    Default: ComplianceRemediation
    Type: String
Resources:
  Ec2SecurityGroupAttachedToEni:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: ec2-security-group-attached-to-eni
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::SecurityGroup
      Source:
        Owner: AWS
        SourceIdentifier: EC2_SECURITY_GROUP_ATTACHED_TO_ENI
  Ec2SecurityGroupAttachedToEniRemediation:
    DependsOn: Ec2SecurityGroupAttachedToEni
    Type: "AWS::Config::RemediationConfiguration"
    Properties:
      ConfigRuleName: ec2-security-group-attached-to-eni
      ResourceType: "AWS::EC2::SecurityGroup"
      TargetId: "AWSConfigRemediation-DeleteUnusedSecurityGroup"
      TargetType: "SSM_DOCUMENT"
      TargetVersion: "1"
      Parameters:
        GroupId:
          ResourceValue:
            Value: "RESOURCE_ID"
        AutomationAssumeRole:
          StaticValue:
            Values:
              Fn::Sub:
                  "arn:aws:iam::${AWS::AccountId}:role/${ParamAutomationAssumeRole}"

Based on this doc, I could use the "Fn::Sub:" function, but the Conformance Pack deployment fails with the following error: Conformance Pack deployment error

I'm not sure what I'm doing wrong here. Any help is much appreciated.

Thanks!

Asked a year ago, 103 views
No answers