AWS API Gateway IAM Policy Role in Docs Fails in Simulation

The AWS IAM Policy Docs for AWS (shown here) indicate that the following policy gives full access for a role to hit the API Gateway

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

When simulating that policy with API Gateway as the target, the policy denies access. This seems like a direct contradiction to the provided documentation.

IAM Policy Simulation Result (screenshot)

Nathan Tornquist asked Nov 19 '25 14:11


1 Answer

Amazon's permissions model divides API Gateway permissions into two services:

  • Amazon API Gateway - Permissions for clients, currently the only action is execute-api:invoke.
  • Manage - API Gateway - Admin permissions for configuring the API Gateway, which has CRUD actions fitting the apigateway:* spec.


The policy you have applies to the "Manage - API Gateway" service; the simulation should work if you select that.

This same separation is visible in the regular IAM policy wizard, where "Manage - API Gateway" sorts to the bottom of the service list where you can't see it.


James answered Nov 22 '25 03:11
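The answer's point is that "apigateway:*" and "execute-api:Invoke" live in two different service namespaces, and an IAM wildcard never crosses the service prefix. The following is an added example (not code from the question, the answer, or AWS): a small Python action matcher that applies the same prefix-bound wildcard rule IAM uses for the Action element, run over the question's management policy and a constructed companion policy for the client-facing namespace. The management actions used below (apigateway:GET, apigateway:DELETE) are real API Gateway control-plane actions; the sample ARN and account id are constructed placeholders. Resource, Condition and NotAction are deliberately not modelled, so this is an illustration of the namespace split, not a substitute for the real simulator.

```python
"""Toy IAM action matcher (added example, not AWS's evaluation engine).

Demonstrates why a role holding only "apigateway:*" is denied when the
simulator is asked about "execute-api:Invoke": the wildcard is bound to
the "apigateway" service prefix. Only Effect and Action are modelled.
"""
import fnmatch
import json

# Constructed sample policies for the example.
# 1) The policy from the question: full control-plane (management) access.
MANAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["apigateway:*"], "Resource": ["*"]}
  ]
}""")

# 2) A companion policy for the client-facing namespace, scoped to one
#    stage/method. Account id and API id are placeholders.
INVOKE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "execute-api:Invoke",
     "Resource": "arn:aws:execute-api:us-east-1:123456789012:EXAMPLEID/prod/GET/items"}
  ]
}""")


def action_matches(pattern: str, action: str) -> bool:
    """IAM action matching: case-insensitive, '*' and '?' are the only
    wildcards, and the pattern must match the whole 'service:Action'
    string, so 'apigateway:*' can never match 'execute-api:Invoke'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def evaluate(policy: dict, action: str) -> str:
    """Decision of one policy for one action: 'Deny' (explicit),
    'Allow', or 'ImplicitDeny' when no statement mentions the action."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        actions = stmt.get("Action", [])
        if isinstance(actions, str):          # Action may be a bare string
            actions = [actions]
        if any(action_matches(p, action) for p in actions):
            if stmt["Effect"] == "Deny":
                return "Deny"                 # explicit deny always wins
            decision = "Allow"
    return decision


def simulate(policies: list, actions: list) -> dict:
    """Combine several attached policies the way IAM does: any explicit
    Deny wins, otherwise any Allow wins, otherwise implicit deny."""
    result = {}
    for action in actions:
        decisions = [evaluate(p, action) for p in policies]
        if "Deny" in decisions:
            result[action] = "Deny"
        elif "Allow" in decisions:
            result[action] = "Allow"
        else:
            result[action] = "ImplicitDeny"
    return result


if __name__ == "__main__":
    probes = ["apigateway:GET", "apigateway:DELETE", "execute-api:Invoke"]
    print("management policy alone:", simulate([MANAGE_POLICY], probes))
    print("both policies attached :", simulate([MANAGE_POLICY, INVOKE_POLICY], probes))
```

Run stand-alone it shows the management policy allowing apigateway:GET and apigateway:DELETE but leaving execute-api:Invoke at ImplicitDeny, which is exactly the result the question's screenshot reports; attaching the invoke policy as well turns that entry to Allow. Against the real service the same check is `boto3.client("iam").simulate_custom_policy(PolicyInputList=[json.dumps(MANAGE_POLICY)], ActionNames=["execute-api:Invoke"])`, which is what the console simulator calls under the hood.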