AWS API Gateway ARN


From the documentation: To create an IAM policy using the Policy Generator in the IAM console, select Manage Amazon API Gateway as AWS Service to set permissions statements for apigateway and select Amazon API Gateway as AWS Service to set permission statements for execute-api.

If you are creating a policy to manage creating/editing your API, then you will need to select Manage - Amazon API Gateway and then use * to give permission for all resources. If you want to give permissions for specific resources, then use this format: (note that the service name is apigateway)

arn:aws:apigateway:region::resource-path-specifier.

If you are creating a policy to manage invoking your API, then you will need to select Amazon API Gateway and then use * to give permission for all resources. If you want to give permissions for specific resources, then use this format: (note that the service name is execute-api)

arn:aws:execute-api:region:account-id:api-id/stage-name/HTTP-VERB/resource-path-specifier.
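An added example, not part of the original answer and not AWS tooling: a Python check that each IAM statement's Resource ARN uses the service name matching its Action, following the two formats quoted above. The regex details (allowed characters, 12-digit account id, `*` wildcards), the account id 123456789012 and the API id a1b2c3d4e5 are assumptions constructed for illustration.

```python
import re

# Shapes follow the two formats quoted above; character classes are assumptions.
MANAGE = re.compile(r"^arn:aws:apigateway:(?P<region>[a-z0-9-]+|\*)::(?P<path>/.*)$")
INVOKE = re.compile(
    r"^arn:aws:execute-api:(?P<region>[a-z0-9-]+|\*):(?P<account>\d{12}|\*):"
    r"(?P<api>[a-z0-9]+|\*)(?:/(?P<stage>[^/]+)(?:/(?P<verb>[A-Z]+|\*)(?P<path>/.*)?)?)?$"
)
PATTERN_FOR_SERVICE = {"apigateway": MANAGE, "execute-api": INVOKE}


def as_list(value):
    """IAM allows a single string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]


def check_statement(stmt):
    """Return (kind, action, resource) findings for one policy statement."""
    findings = []
    for action in as_list(stmt["Action"]):
        pattern = PATTERN_FOR_SERVICE.get(action.split(":", 1)[0])
        if pattern is None:
            continue  # not an API Gateway action, out of scope here
        for arn in as_list(stmt["Resource"]):
            if arn == "*":
                findings.append(("wildcard", action, arn))  # valid but unscoped
            elif not pattern.match(arn):
                findings.append(("mismatch", action, arn))  # wrong service or shape
    return findings


def check_policy(policy):
    return [f for s in as_list(policy["Statement"]) for f in check_statement(s)]


# Constructed sample policy: two well-formed statements, one that mixes the
# management ARN with the invoke action, and one left wide open.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "apigateway:GET",
     "Resource": "arn:aws:apigateway:us-east-1::/apikeys/*"},
    {"Effect": "Allow", "Action": "execute-api:Invoke", "Resource":
     "arn:aws:execute-api:us-east-1:123456789012:a1b2c3d4e5/prod/GET/v1/greetings"},
    {"Effect": "Allow", "Action": "execute-api:Invoke",
     "Resource": "arn:aws:apigateway:us-east-1::/restapis/a1b2c3d4e5/*"},
    {"Effect": "Allow", "Action": "apigateway:*", "Resource": "*"},
]}

if __name__ == "__main__":
    for kind, action, arn in check_policy(SAMPLE_POLICY):
        print(f"{kind}: {action} on {arn}")
```

A "mismatch" finding means the statement would not grant what it appears to grant; a "wildcard" finding marks a statement to scope down once the specific ARN is known.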

Author by

Miles

I'm the VP of Engineering at EquityEats. We're changing how new restaurants are funded and operated.

Updated on June 07, 2022

Comments

  • Miles
    Miles almost 2 years

    One of the things that drives me nuts is that AWS has loads of docs about the format of an ARN, but doesn't have any kind of generator to make you confident that the ARN is correct.

    In IAM, I'm trying to set up a policy to allow access to an API Gateway and I've read the following docs about it:

    But I can't get any ARN to validate, even just a wide open API Gateway ARN. See screenshot:

    [Screenshot: open arn called invalid]

    What am I doing wrong here?

  • Miles
    Miles over 7 years
    Thanks, that worked! I really wish AWS just had a tool to see the resources you have in AWS and generate an ARN. It's always one of the most annoying things about setting up AWS resources.
  • Brian T. Grant
    Brian T. Grant about 5 years
    @Miles: Building on this answer, and to hopefully address your "wish": it looks to me like navigating to a specific resource and HTTP verb on a gateway will allow you to see that full ARN within the "Method Request" box. I have a very resource defined at GET /v1/greetings and the tail end of the URN is GET/v1/greetings
  • Vankuisher
    Vankuisher over 3 years
    Btw, what if you need to manage the API keys, although you would like the access to only allow for retrieval of a single API key (arn:aws:apigateway:region::/apikeys/*) as opposed to many (arn:aws:apigateway:region::/apikeys)... I have noticed that this does not work... how can this be achieved?