ApiGatewayResourceProxyVar - AccessDenied [SOLVED]

aws
api-gateway

#1

I can’t seem to make heads or tales of this error. Any ideas? I’m trying to deploy the Serverless Express REST API example.

> serverless deploy
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Creating Stack...
Serverless: Checking Stack create progress...
.....
Serverless: Stack create finished...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service .zip file to S3 (673.58 KB)...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
............
Serverless: Operation failed!

  Serverless Error ---------------------------------------

  An error occurred: ApiGatewayResourceProxyVar - AccessDenied. User doesn't have permission to call apigateway:GetResources.

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Issues:        forum.serverless.com

  Your Environment Information -----------------------------
     OS:                     win32
     Node Version:           8.11.3
     Serverless Version:     1.33.2

My AWS policy is straight out of the credentials guide, with three exceptions:

  1. I added a curly brace at the front, to make it valid JSON
  2. I fixed the version attribute to a valid value, “2012-10-17”
  3. I changed "apigateway:GET", to "apigateway:*", in the second statement, since there was an error about the user not being authorized to perform apigateway:POST on resource: arn:aws:apigateway:us-east-1::/restapis

Any ideas what’s wrong?


#2

I also had to change "Resource": "arn:aws:apigateway:*::/restapis/GATEWAY_ID/*" to "Resource": "arn:aws:apigateway:*::/restapis/*/*".


#3

Brilliant, thanks.

It would be nice to keep a more limited policy, but I guess that’s a task for another day.

Edit: Looks like the AWS credentialing instructions have already been updated. Perhaps everything is fixed in the new method?