Hello all,
I am working on refining the policy for a deployment/service account, and I am not able to restrict API Gateway actions to just the resources that I will be generating through Serverless. I understand that the API ID gets generated during the deployment process. I am looking to see if any of these options are feasible, i.e. can I specify my own API ID in serverless.yml? Or is there any way I can retrieve the API ID in the IAM policy based on some identifier?
Current policy that is working is -
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:GET",
        "apigateway:POST",
        "apigateway:PUT",
        "apigateway:DELETE"
      ],
      "Resource": [
        "arn:aws:apigateway:*::/restapis",
        "arn:aws:apigateway:*::/restapis/*"
      ]
    }
My goal is to specify “arn:aws:apigateway:*::/restapis/APIID/*” to restrict resources.
TIA
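
An added example, not part of the original post: a small Python check that flags `/restapis` resources not pinned to a single API ID, plus a helper that rewrites the statement above once the ID is known from a first deployment. It assumes the only collection-level call the deployer needs is the create (`POST` on `/restapis`); the function names, region and API ID are hypothetical.

```python
import json
import re

# Statement copied from the post above.
BROAD = {
    "Effect": "Allow",
    "Action": ["apigateway:GET", "apigateway:POST", "apigateway:PUT", "apigateway:DELETE"],
    "Resource": ["arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*"],
}

# arn:aws:apigateway:<region>::/restapis[/<api-id>[/<sub-path>]]
ARN_RE = re.compile(r"^arn:aws:apigateway:[^:]*::/restapis(?:/([^/]+)(/.*)?)?$")

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def unscoped_resources(statement):
    """Return Resource ARNs in a statement that are not pinned to one REST API ID."""
    actions = set(_as_list(statement.get("Action", [])))
    flagged = []
    for arn in _as_list(statement.get("Resource", [])):
        m = ARN_RE.match(arn)
        if m is None:
            continue  # not a /restapis ARN
        api_id = m.group(1)
        if api_id is None:
            # Collection ARN: acceptable only for create (POST /restapis).
            if actions != {"apigateway:POST"}:
                flagged.append(arn)
        elif "*" in api_id or "?" in api_id:
            flagged.append(arn)  # wildcard in the API ID segment
    return flagged


def scope_to_api(statement, region, api_id):
    """Split a broad statement into create-only and per-API statements."""
    base = f"arn:aws:apigateway:{region}::/restapis"
    create = {"Effect": "Allow", "Action": ["apigateway:POST"], "Resource": [base]}
    manage = {
        "Effect": "Allow",
        "Action": _as_list(statement["Action"]),
        "Resource": [f"{base}/{api_id}", f"{base}/{api_id}/*"],
    }
    return [create, manage]


if __name__ == "__main__":  # region and API ID below are constructed placeholders
    print(json.dumps(scope_to_api(BROAD, "us-east-1", "a1b2c3d4e5"), indent=2))
```

Because the ID does not exist before the first deployment, the scoped statements can only replace the broad one after that deployment has created the API.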