Enable "Invoke with caller credentials" on API Gateway?

How does one do this?

In this issue (https://github.com/serverless/serverless/issues/1030) @flomotlik mentions that it can be done using resources. I don’t understand how though.

I hunted down this document, https://github.com/serverless/serverless/blob/master/docs/guide/custom-provider-resources.md, which describes provider resources. I think this is it, but I don’t even know where to start looking to understand how I would enable it.


1 Like

Hey @camhart, basically what you need to do is check the Cloudformation template we’re creating for you and then in the resources section you can overwrite those configurations in the cloud formation template by creating the same template structure and changing whichever values should be different.

This is definitely an advanced feature and it certainly helps if you have Cloudformation experience already.

1 Like

@flomotlik I’ve figured out I can do the following to get it set (as well as setting the AuthorizationType to AWS_IAM, however I found the name “PostMethodApigEventCreateaccountAccountCreate” by looking it up under AWS console’s cloud formation listing. Is it possible for me to not have to lookup the name “PostMethodApigEventCreateaccountAccountCreate”, but somehow grab the name? Do you think a custom plugin would be required?

PostMethodApigEventCreateaccountAccountCreate:  # <- Had to look this up "the hard way"
  Type: 'AWS::ApiGateway::Method'
    AuthorizationType: AWS_IAM  #sets authorization to AWS_IAM
      Credentials: 'arn:aws:iam::*:user/*' #sets "Invoke with caller credentials" to true

I should add, I tried changing the name but carrying in the references (see below) that that resource had, but cloudformation didn’t like it.

      Ref: ResourceApigEventCreateaccountAccountCreate
      Ref: RestApiApigEvent

Edit: While this results in the box being checked, I started to get unexplained 5XX errors. I might be missing something essential that also needs included.

1 Like