- Newest
- Most votes
- Most comments
In this case it is required to configure an IAM Role for API Gateway to assume with the required sqs:SendMessage
permission as API Gateway will drop the Authorization
header if it contains an AWS Signature. It's in the docs but well hidden under the header mapping table.
- The Authorization header is dropped if it contains a Signature Version 4 signature.
Did you create a role for API Gateway that has a policy that allows API Gateway to interact with the SQS queue?
just curious but why would that be required? I am strictly using the REST API which is passing the authentication headers to SQS. The gateway itself shouldn't really know that it's calling SQS should it?
In this case the API Gateway receives the REST request but has to make an SQS API call behind the scenes, so it will need to be granted the access based on the principle of least privilege.
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 4 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 3 months ago
Thanks! I missed that