By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Cannot access proxy resource even though authorized

0

I know this is the resource policy to be returned by a REST API authorizer to authorize endpoint arn:aws:execute-api:us-west-2:123456789012:ymy8tbxw7b/dev/GET/

{
  "principalId": "user",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Deny",
        "Resource": "arn:aws:execute-api:us-west-2:123456789012:ymy8tbxw7b/dev/GET/"
      }
    ]
  }
}

I have a proxy resource as arn:aws:execute-api:{region}:{accountid}:{apiid}///tnaapi/{proxy+}

{
  "principalId": "user",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "execute-api:Invoke",
        "Effect": "Deny",
        "Resource": "arn:aws:execute-api:us-west-2:123456789012:ymy8tbxw7b/*/*/tnaapi/{proxy+}"
      }
    ]
  }
}

If I set this as "Resource" in a resource policy and return from the authorizer, I'm not allowed to tnaapi/aaaa/bbb endpoints. How can I solve that?

Topics
ServerlessFront-End Web & MobileNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon API GatewayIAM Policies
Language
English
Jehan
asked a month ago128 views
1 Answer
1
Accepted Answer

I had to do this

tnaapi/*/*
Jehan
answered a month ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content