How can I restrict the apigateway restapi create and delete to a project?


I want to restrict the apigateway create and delete actions for the restapi using an IAM policy.

I have managed to do this for dynamo, lambda etc. using resource ARN name wildcards or project resource tag conditions, but for the API Gateway restapi create there are no tags available (only on a stage), and the restapi ARN contains the apigateway ID, which you don't know until it is created.

How does everyone else do this, to avoid having the below in an IAM policy, which my security team will not accept?

  - Effect: Allow
    Action: apigateway:*
    Resource: "*"

Thanks in advance