API Gateway Resource Policy

lepirlouit · April 10, 2018, 1:58pm

Amazon just introduced API Gateway Resource Policy
This is fine for static authorizers eg ip whitelistings.
https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-api-gateway-supports-resource-policies/

eg : https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-examples.html

How to apply this with serverless.yml

bill · April 12, 2018, 10:54am

Thanks to post this update.

My understand is, serverless framework only takes care of lambda iam role and its policy in block of provider -> iamRoleStatements

If you need manage IAM role to API Gateway, you can directly copy/paste the sample codes from your URLs to Resources block, as normal cloudformation json/yaml codes.

thepauleh · June 1, 2018, 10:02am

Just to save people a few clicks.

At present cloudformation does not support apigateway resource policies.

The following issue has been created on serverless - you could subscribe to this to be notified when cloudformation supports it so someone is able to implement it in serverless.

github.com/serverless/serverless

API Gateway Resource Policy Support Feature

opened 08:02PM - 20 Apr 18 UTC

closed 12:18AM - 03 Jul 18 UTC

ptrivedi9400

enhancement

# This is a Feature Proposal ## Description Recently API Gateway (April 2nd, 2018) started providing resource policy to handle each API. Which includes blacklisting IP or allowing denying IP. This is currently only supported by the API Gateway API, AWS console, AWS SDK and not yet by CloudFormation, which I'm guessing is why it is not yet supported by Serverless. [Announcement](https://aws.amazon.com/about-aws/whats-new/2018/04/amazon-api-gateway-supports-resource-policies/) [Blog for console-based setup](https://lobster1234.github.io/2018/04/14/amazon-api-gateway-ip-whitelisting/) Probably best to wait for CloudFormation to catch up on this so I'm just registering for a future task. For feature proposals: * IP Blacklisting or allowing a certain type of method. Basically IAM type policy but without creating IAM role/policy. * Json input or parameter based information can be set up. Note ** [Forum Question in relation](https://forum.serverless.com/t/api-gateway-resource-policy/4215 )

dbeckwith01 · June 14, 2018, 9:12pm

While the CF support is being developed is their a recommend way of implementing a resource policy after Serverless deploy has been executed?

Topic		Replies	Views
How to create AWS API Gateway Resource Policy section by using serverless framework Serverless Framework	2	1873	October 25, 2018
APi gateway resource policy do not appear in cloudformation Serverless Framework api-gateway	1	2285	July 30, 2020
Serverless does not grant AWS Custom Authorizer with the required permissions to be invoked by API Gateway Serverless Framework aws , api-gateway	4	4499	March 13, 2019
API Gateway Policy in deployment/service account Serverless Framework aws	0	624	May 16, 2018
How to pass IAM role to invoke Authorizer lambda w/o modifying resource policy? Serverless Framework aws , lambda , api-gateway , iam	0	877	June 11, 2021

API Gateway Resource Policy

Related topics