API Gateway Policy in deployment/service account

Hello all,

I am working on refining the policy for the deployment/service account, and I am not able to restrict API Gateway actions to just the resources that I will be generating through serverless. I understand that the API ID gets generated during the deployment process. I am looking to see if any of these options are feasible, i.e. can I specify my own API ID in serverless.yml? Or is there any way I can retrieve the API ID in the IAM policy based on some identifier?

Current policy that is working is -

{
  "Effect": "Allow",
  "Action": [
    "apigateway:GET",
    "apigateway:POST",
    "apigateway:PUT",
    "apigateway:DELETE"
  ],
  "Resource": [
    "arn:aws:apigateway:*::/restapis",
    "arn:aws:apigateway:*::/restapis/*"
  ]
}

My goal is to specify “arn:aws:apigateway:::/restapis/APIID/” to restrict resources.

TIA