Hi,
I understand you want to do cross-account invocation on an API GW HTTP API with IAM, but you are getting a “403 error”. The 403 error means the caller isn't authorized to access an API that's using a Lambda authorizer. To answer your questions: yes, you can do cross-account invocation on an API GW HTTP API with IAM. First, you will have to create a Lambda authorizer [1]; you use a Lambda authorizer to use a Lambda function to control access to your HTTP API [2]. You will then configure a cross-account Lambda authorizer using the API Gateway console [3]. The methods you used before were meant to control access for invoking an API, hence the reason you were able to successfully invoke it from its own account “(account A)”.
Refer to the references
[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html
Please follow this document for your use-case: https://repost.aws/knowledge-center/api-gateway-iam-cross-account