
AWS API Gateway: User anonymous is not authorized to execute API

Trying to post to an API I've created in API gateway:

{
    "Message": "User: anonymous is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-west-2:***********:jrr7u1ekrr/v0/POST/user"
}

How can I update the policy in CloudFormation to make publicly available the POST endpoint? I'm declaring the API with the AWS::ApiGateway::RestApi resource type.

The API policy property is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*/POST/user"
        }
    ]
}

tgk asked Oct 26 '18 20:10




2 Answers

Something that tripped me up: "If the API has been deployed previously in the API Gateway console, you'll need to redeploy it for the resource policy to take effect."

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-create-attach.html

Travis Bear answered Sep 21 '22 19:09


Even if the Authorization is set to NONE for your OPTIONS method, it will check the resource policy if you have one.

You can make your OPTIONS method publicly available by setting the following API Gateway resource policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:{REGION}:{AWS_ACCOUNT}:{YOUR_API_ID}/{YOUR_API_STAGE}/OPTIONS/*"
        }
    ]
}

Check How API Gateway Resource Policies Affect Authorization Workflow

pavan Kumar answered Sep 19 '22 19:09
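
An added example, not part of the original posts: a simplified evaluator for the resource-policy-only case (method authorization NONE) showing that the question's policy permits an anonymous POST to /user while an OPTIONS request stays implicitly denied until a statement like the one in the second answer is added. The account id, API id and all function names are constructed placeholders, and Condition blocks are ignored.

```python
import re

# Constructed placeholders (not from the page): account id and API id.
API_ARN = "arn:aws:execute-api:us-west-2:111122223333:abcdef1234"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, text):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text) is not None

def _is_public(principal):
    """Principal "*" or {"AWS": "*"}: the forms that cover anonymous callers."""
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def _expand(resource, api_arn):
    """Expand the 'execute-api:/stage/METHOD/path' shorthand to a full ARN."""
    if resource.startswith("execute-api:/"):
        return api_arn + resource[len("execute-api:"):]
    return resource

def anonymous_decision(policy, stage, method, path, api_arn=API_ARN):
    """'Allow' or 'Deny' for an unauthenticated request to stage/METHOD/path."""
    request_arn = f"{api_arn}/{stage}/{method}/{path.lstrip('/')}"
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        matches = (
            _is_public(stmt.get("Principal"))
            and any(_wild(a, "execute-api:Invoke") for a in _as_list(stmt["Action"]))
            and any(_wild(_expand(r, api_arn), request_arn) for r in _as_list(stmt["Resource"]))
        )
        if matches and stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins
        allowed = allowed or matches
    return "Allow" if allowed else "Deny"  # no matching Allow is an implicit deny

def _stmt(resource, principal="*"):
    return {"Effect": "Allow", "Principal": principal,
            "Action": "execute-api:Invoke", "Resource": resource}

# The question's policy, and the same policy plus the second answer's OPTIONS statement.
QUESTION_POLICY = {"Version": "2012-10-17",
                   "Statement": [_stmt("execute-api:/*/POST/user")]}
WITH_OPTIONS = {"Version": "2012-10-17", "Statement": [
    _stmt("execute-api:/*/POST/user"),
    _stmt(f"{API_ARN}/v0/OPTIONS/*", {"AWS": "*"})]}
```

The evaluator reads only the policy document; as the first answer notes, an API that was deployed before still has to be redeployed for a changed policy to take effect.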