I’m creating a simple API Gateway proxy:
functions:
handler:
handler: ./index.handler
name: ${self:service}
events:
- http: GET hello
And I have StackTags defined. When I deploy I get the following error.
Serverless Error ---------------------------------------
User: arn:aws:iam::XXXXXXXXXXX:user/myUser is not authorized to perform: apigateway:PUT on resource: arn:aws:apigateway:us-east-1::/tags/arn%3Aaws%3Aapigateway%3Aus-east-1%3A%3A%2Frestapis%2F9tsrzq5lo0%2Fstages%2Fdev
It successfully creates the API Gateway (without tags). Looks like the above might be trying to add tags. The ARN looks malformed with an encoded string appended to the end. We have a policy that looks like this:
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:DELETE",
"apigateway:PATCH"
],
"Resource": [
"arn:aws:apigateway:*::/restapis*"
]
},
The ARN that serverless is showing in the error does not match our resource since it is not a valid ARN. Am I missing something or is this a bug? This worked when our policy’s resource was *