Is it possible to communicate directly between 2 APIGateways in the same account?

0

I created a first APIGateway A (sub1.custom-domain.com) with a couple of APIs and I have another APIGateway B (sub2.custom-domain.com) within the same account. I have an API /items in ApiGateway A that needs to call another API /providers that is located in ApiGateway B. I tried to add a role to the lambda function items_lambda to invoke ApiGateway B but it returns an error 403 Forbidden.

That's the policy I added in order to invoke the apis from ApiGateway B but it does not fix the issue.

{
  Version = "2012-10-17"
  Statement = [{
    Action   = "execute-api:Invoke",
    Effect   = "Allow",
    Resource = "arn:aws:execute-api:${region}:*:*/*"
  }]
}

Is the policy wrong, or should I make the called resource more specific to access the exact path?

1 Answer
0

It seems you are not invoking API B directly from API A, but rather, API A calls a Lambda that calls API B.

It also seems that you are using IAM auth for API B. If this is the case, your Lambda function must sign the requests going to the API using SigV4 with the credentials obtained from the role.

Uri (AWS, EXPERT)
answered a month ago
