Skip to content

AWS re:Post Knowledge Center Feedback Survey

Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.

API Gateway IAM Actions Permissions Definition

0

A customer would like to understand why the IAM actions defined for API Gateway do not follow the same patterns as with other services. We only show the actions GET, POST, DELETE, PUT, etc.. and do not expose the underlying actions for things like CreateRestAPI. This prevents them from getting very granular with defining least permissions for their roles. Why is API Gateway different here?

Topics: Serverless Front-End Web & Mobile Networking & Content Delivery
Tags: Amazon API Gateway Serverless
Language: English

asked 5 years ago2.8K views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

Accepted Answer

The IAM policy would need to specify the relevant HTTP verb for the action against the resource they need to modify: API reference - https://docs.aws.amazon.com/apigateway/api-reference/resource/ Examples - https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies

This should still allow them to get granular with their permissions though, what exactly does the policy need to do?

AWS-User-1570219

answered 5 years ago

Relevant content

Do HTTP APIs have same IAM integrations as REST APIs?
Accepted Answer
Ed Swindelles
asked 6 years ago
How to integrate API Gateway to S3 Service using Action Type as Action Name PutObject
Sumeet Makhija
asked 2 years ago
I would like to expose a VPC Lattice service using API Gateway VPC Link. Is there a way to restrict access to the Lattice service to only allow requests from this API Gateway?
Accepted Answer
AWSJoe
asked 10 months ago
Logged in As Root User - However Unable to see "Add Permission" for the IAM Role
AWS_AI_CHAT_IS_OK_NOT_SO_GREAT
asked a year ago
How can I troubleshoot signature mismatch errors when making SigV4 signed requests with IAM authentication to API Gateway?
AWS OFFICIALUpdated 3 years ago
How can I resolve errors when deleting custom domain names with API Gateway?
AWS OFFICIALUpdated a year ago
How do I resolve the IAM user error "not authorized to perform iam:PassRole"?
AWS OFFICIALUpdated a year ago
I defined my Lambda integration in API Gateway using a stage variable. Why do I get an "Internal server error" and a 500 status code when I invoke the API method?
AWS OFFICIALUpdated a year ago
What's New - AWS Identity and Access Management provides action last accessed information for more than 140 services
EXPERT
Nini Ren
published 2 years ago
What's special about AWS Service-Linked IAM Roles
EXPERT
SHAJAM
published 3 months ago