Score:0

Accessing HTTP API using IAM policy


I am using an HTTP API Gateway with a {proxy+} route, the $default stage and the ANY method with IAM Authorization. Before activating IAM Authorization, the API responds to every request, and to none after activation, as expected.

However, after adding an IAM policy to an EC2 instance that allows the instance to call the API, it still returns { message: 'Forbidden' }.

The policy I am using (as specified by the docs) is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:*:*:*/*/*/*"
        }
    ]
}

which is a very broad one, for testing purposes.

The linked docs point to the documentation for REST APIs Access Control, but the HTTP API IAM Access Control documentation points to the same page.

Tim
Are you wanting to call the API or are you wanting to make an HTTPS request to the API? I think what you might have done is allowed your EC2 instance to make API calls to the control plane, as opposed to making the HTTPS calls to use the API.