Do HTTP APIs have same IAM integrations as REST APIs?

Question

Regarding the newly announced simplified [HTTP APIs][1] for API Gateway, do they include [the same IAM integrations][2] as traditional REST APIs?

For example, when adding permissions to invoke a Lambda to the API Gateway service, are HTTP API supported with the same service principals (`--principal apigateway.amazonaws.com --source-arn "arn:aws:execute-api:..."`), etc?

[1]: https://aws.amazon.com/about-aws/whats-new/2019/12/amazon-api-gateway-offers-faster-cheaper-simpler-apis-using-http-apis-preview/
  [2]: https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html

Accepted Answer

Yes the same IAM integrations apply for HTTP APIs as for REST APIs. The same IAM integrations apply for controlling access to API endpoints (HTTP and REST) as well as invoking backend AWS services like Lambda.

More specifically you can refer to this [public blog post][1] for HTTP APIs and adding permissions to invoke a Lambda function that is integrated with an HTTP API endpoint:

> Don’t forget that you will need to add a Lambda resource policy
> permission to the function to allow API Gateway to invoke your
> function. For example:

aws lambda add-permission
    --statement-id dd0dffb7-971e-5952-9699-38493cf34293
    --action lambda:InvokeFunction
    --function-name "arn:aws:lambda:us-west-1:[your account number]:function:Echo"
    --principal apigateway.amazonaws.com
    --source-arn "arn:aws:execute-api:us-west-1:[your accunt number]:[your gateway id]/"

[1]: https://aws.amazon.com/blogs/compute/announcing-http-apis-for-amazon-api-gateway/

Do HTTP APIs have same IAM integrations as REST APIs?

相關內容