How to attach the assumable role with the lambda invocations to an API Gateway API or all methods?
Create an API Gateway API for AWS Lambda Functions says to attach an IAM policy to invoke Lambda:
This means that, at minimum, you must attach the following IAM policy to an IAM role for API Gateway to assume the policy.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "lambda:InvokeFunction",
          "Resource": "*"
        }
      ]
    }
An API Gateway assumable role is an IAM role with the following trusted relationship:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "apigateway.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
It looks like lambda_permission can be attached on a per-method basis, but I am not sure if there is a way to allow invocation from any method "*".
Api Gateway can't invoke Lambda function describes a way to attach it from the UI per method/function.


As in Specify Lambda permissions for API Gateway REST API, setting source_arn to the execution_arn of the API should do.
    resource "aws_lambda_permission" "apigw" {
      statement_id  = "AllowAPIGatewayInvoke"
      action        = "lambda:InvokeFunction"
      function_name = "${aws_lambda_function.example.arn}"
      principal     = "apigateway.amazonaws.com"

      #--------------------------------------------------------------------------------
      # Per deployment
      #--------------------------------------------------------------------------------
      # The /*/* grants access from any method on any resource within the deployment.
      # source_arn = "${aws_api_gateway_deployment.test.execution_arn}/*/*"

      #--------------------------------------------------------------------------------
      # Per API
      #--------------------------------------------------------------------------------
      # The /*/*/* part allows invocation from any stage, method and resource path
      # within API Gateway REST API.
      source_arn = "${aws_api_gateway_rest_api.example.execution_arn}/*/*/*"
    }
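To see which API Gateway calls each source_arn form lets through, the following added example (not part of the original answer) models the ArnLike matching that a Lambda resource policy applies to AWS:SourceArn. The account ID, API ID, stage names and paths are constructed, and the matcher is a simplified model of ArnLike, not AWS's own code.

```python
import re

# Constructed sample execution ARN (region, account ID and API ID are made up).
API_EXEC_ARN = "arn:aws:execute-api:us-east-1:123456789012:a1b2c3d4e5"


def arn_like(pattern: str, arn: str) -> bool:
    """Simplified ArnLike: split both ARNs into their six colon-delimited
    components and match each separately, where * is any run of characters
    ('/' included) and ? is exactly one character."""
    p_parts, a_parts = pattern.split(":", 5), arn.split(":", 5)
    if len(p_parts) != 6 or len(a_parts) != 6:
        return False
    for p, a in zip(p_parts, a_parts):
        regex = "".join(
            ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in p
        )
        if re.fullmatch(regex, a, flags=re.DOTALL) is None:
            return False
    return True


# source_arn forms: the answer's two variants plus a single-route scope.
PATTERNS = {
    "per_api": API_EXEC_ARN + "/*/*/*",        # any stage, method, path
    "per_stage": API_EXEC_ARN + "/prod/*/*",   # deployment ARN, assumed stage "prod"
    "one_route": API_EXEC_ARN + "/prod/GET/pets",
}

# Constructed source ARNs as API Gateway would present them to Lambda.
CALLS = {
    "prod GET /pets": API_EXEC_ARN + "/prod/GET/pets",
    "prod POST /pets/42": API_EXEC_ARN + "/prod/POST/pets/42",
    "dev GET /pets": API_EXEC_ARN + "/dev/GET/pets",
    # Test invocations from the API Gateway console use this stage name.
    "console test": API_EXEC_ARN + "/test-invoke-stage/GET/pets",
    "other api": "arn:aws:execute-api:us-east-1:123456789012:zzzzzzzzzz/prod/GET/pets",
}


def allowed_calls(pattern_name: str) -> list:
    """Names of the sample calls that the given source_arn pattern admits."""
    pattern = PATTERNS[pattern_name]
    return sorted(name for name, arn in CALLS.items() if arn_like(pattern, arn))


if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:10} -> {allowed_calls(name)}")
```

The per-API wildcard admits every stage of that one API, including console test invocations, while a stage-scoped pattern rejects them; no pattern built on this execution ARN admits a different API.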