2 個答案
- 最新
- 最多得票
- 最多評論
1
This can indeed be done as specified in this documentation. Should you use the following resource
arn:aws:execute-api:region:account-id:api-id/stage-name/*/foo/bar/*
the policy will apply to all methods under sub-resources of /foo/bar/. For example, an allow there in authorizer policy will not allow methods under /foo, only for sub-resources under /foo/bar/.
Using a wildcard * for the http verb segment won't have an impact on later resource segment unless it is the last segment. Only the * in last segment in this example will match everything to right. Do refer to example resource expressions here for details.
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
Okay, thanks! So, per the examples, it looks like in the format
arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path-specifierit is possible to use a wildcard in place ofstage-nameand/orHTTP-VERBand still specifyresource-path-specifierwhich may also include a wildcard at the end.Is it possible, then, to also use multiple wildcards in the
resource-path-specifier? For example, could I use a wildcard to match a path variable in my API Gateway resource - e.g./foo/bar/*/allowedwould allow access to/foo/bar/{id}/allowedbut deny access to any other sub-resource of/foo/bar/{id}/?/foo/bar/*/allowedshould work as you expect, allowingallowedsub-resource but implicitly denying other sub-resources