How can I get the ARN for the API gateway resource that the serverless framework creates within my serverless.yml file?
I want to get the ARN for the API Gateway resource so that I can use it within an IAM policy to perform IAM based authorization on the gateway.
Within the Serverless ecosystem, API Gateway is the piece that ties together Serverless functions and API definitions.
To reference properties in other YAML files use the ${file(./myFile. yml):someProperty} syntax in your serverless. yml configuration file. To reference properties in other JSON files use the ${file(./myFile.
The whole ARN for an API is of the form: arn:aws:execute-api:region:account-id:api-id/stage/METHOD_HTTP_VERB/Resource-path
). Using { "Ref" : "ApiGatewayRestApi" }
(link) within your serverless.yml gives you the apiId.
You can do something like the below (see the Resource section) to convert this to a whole Arn to reference an API:
PolicyName: InvokeAPI
PolicyDocument:
Version: "2012-10-17"
Statement:
Effect: "Allow"
Action: "execute-api:Invoke"
Resource:
- Fn::Join:
- "/"
-
- Fn::Join: [":", ["arn:aws:execute-api", {"Ref": "AWS::Region"}, {"Ref":"AWS::AccountId"}, {"Ref": "ApiGatewayRestApi"}]]
- "*"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With