How do i create a role with apigateway permission with restricting it to the relevant resources of an account ?
0
Hello Colleagues,
I want to create a role in which i need to pass certain apigateway permission like post,put,delete but i want to restrict these permission to individual apigateway resource like arn:aws:apigateway::{ACCOUNT_ID}:/apis/{RESOURCE_NAME} not like arn:aws:apigateway:::/apis. It works when i try to use this role in a cloudformation template to create a api gateway with resources like arn:aws:apigateway:::/apis but i want to use it for a specific resources something like this arn:aws:apigateway::{ACCOUNT_ID}:/apis/{RESOURCE_NAME} ?
Hello Uri,
This is for executing api once it is deployed but i want to restrict it while creating the resource itself , so basically i am creating an api gateway using cloudfromation template which uses some role so i want using that role only that particular api should be created and read .
Please help here
Thanks
I am not sure what exactly are you trying to achieve. Are you trying to prevent some users from creating an API? or are you requiring that all APIs include some route? Please elaborate.
Hello Uri,
Actually i am trying to create api in a third party aws account using role delegation approach for which i have created a role in third party account which i am using to create a api gateway via cloudformation template. So what i want now is that using that role i would be able to only create/delete/put/get resources that starts with suppose "abc*" so i want to restrict permission of api gateway from all resource to a specific resource type for this role.
I hope now its clear for you.
Thanks
I am not sure if it is possible. All the IAM actions, conditions and resources for API Gateway are listed here and some examples of using it here. I could not find anything that references that path.
AWS OFFICIALUpdated 2 years ago
Hello Uri, This is for executing api once it is deployed but i want to restrict it while creating the resource itself , so basically i am creating an api gateway using cloudfromation template which uses some role so i want using that role only that particular api should be created and read . Please help here Thanks
I am not sure what exactly are you trying to achieve. Are you trying to prevent some users from creating an API? or are you requiring that all APIs include some route? Please elaborate.
Hello Uri, Actually i am trying to create api in a third party aws account using role delegation approach for which i have created a role in third party account which i am using to create a api gateway via cloudformation template. So what i want now is that using that role i would be able to only create/delete/put/get resources that starts with suppose "abc*" so i want to restrict permission of api gateway from all resource to a specific resource type for this role. I hope now its clear for you. Thanks
Hello Uri,
Could you please check and help ?
Thanks
I am not sure if it is possible. All the IAM actions, conditions and resources for API Gateway are listed here and some examples of using it here. I could not find anything that references that path.