Is it possible to assume a role in an AWS Marketplace to execute an API Gateway response?

0

We have an AWS API Gateway in one account, and a user in our Marketplace account with all the necessary IAM permissions. The URL to execute a POST command points to the API Gateway account, and for this to work properly, the seller account must initiate the POST. Rather than moving everything to the seller account, is there a way our AWS API Gateway can assume the role of the Marketplace Seller account user?

If so, could you instruct how to create this role and/or policy?

Thank you JoeD

1 Answer
0

Yes, it is possible to assume a role in an AWS Marketplace product to execute an API Gateway response. This can be achieved by using the AWS Security Token Service (STS) AssumeRole operation.

The general steps to accomplish this are:

  1. Create an IAM Role: In your AWS account, create an IAM role that grants the necessary permissions to invoke the API Gateway API and any other AWS resources required by your application.

  2. Share the Role with the Marketplace Product: When you subscribe to the AWS Marketplace product, you can share the IAM role you created with the product vendor. This allows the vendor's application to assume the role and perform actions on your behalf.

  3. Assume the Role in the Marketplace Product: Within the Marketplace product's code or configuration, use the AWS SDK or AWS CLI to call the AssumeRole operation of the STS service. This returns temporary security credentials that the application can use to make subsequent API calls to AWS services, including API Gateway.

  4. Configure API Gateway: In your API Gateway API, configure the appropriate IAM authentication settings to allow the assumed role to invoke the API. This typically involves setting the correct resource policy or using an IAM role for the API execution.

  5. Invoke the API Gateway API: With the temporary security credentials obtained from assuming the role, the Marketplace product can now invoke your API Gateway API and receive the response.

AWS
answered 22 days ago
  • Thank you Mr. Mike G, will try this out and let you know what happens. I appreciate your timely reply!
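
The two policy documents behind steps 1 and 4 of the answer, with a small audit that flags the over-broad variants. This is an added example, not part of the original answer and not AWS's own code. The account IDs, user name, API ID, stage and path are constructed placeholders, and the `sts:ExternalId` condition is an assumption added here as a confused-deputy guard.

```python
import json

API_ACCOUNT = "111111111111"  # constructed placeholder: account that owns the API and the role
CALLER_ARN = "arn:aws:iam::222222222222:user/marketplace-seller"  # constructed placeholder

def trust_policy(caller_arn, external_id):
    """Trust policy for the role in step 1: who may call sts:AssumeRole on it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": caller_arn},
        "Action": "sts:AssumeRole",
        # Assumption added here: an external ID agreed between the two accounts.
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def invoke_policy(region, account, api_id, stage, method, path):
    """Permissions policy for the same role: one method and path on one stage."""
    arn = f"arn:aws:execute-api:{region}:{account}:{api_id}/{stage}/{method}/{path.lstrip('/')}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "execute-api:Invoke", "Resource": arn}]}

def as_list(value):
    """IAM allows a string or a list in these fields; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def audit(policy):
    """List statements broader than this cross-account setup needs."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if "Principal" in st:  # trust policy statement
            p = st["Principal"]
            principals = as_list(p if isinstance(p, str) else p.get("AWS", []))
            if "*" in principals:
                findings.append(f"statement {i}: any AWS principal may assume the role")
            keys = [k.lower() for c in st.get("Condition", {}).values() for k in c]
            if "sts:externalid" not in keys:
                findings.append(f"statement {i}: no sts:ExternalId condition")
        else:  # permissions policy statement
            if any(a in ("*", "execute-api:*") for a in as_list(st.get("Action", []))):
                findings.append(f"statement {i}: action wider than execute-api:Invoke")
            if any(r.endswith("*") for r in as_list(st.get("Resource", []))):
                findings.append(f"statement {i}: resource not limited to one method and path")
    return findings

if __name__ == "__main__":
    role_trust = trust_policy(CALLER_ARN, "constructed-external-id")
    print(json.dumps(role_trust, indent=2), audit(role_trust))
```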
