
I am using an HTTP API Gateway with a {proxy+} route, the $default stage and the ANY method with IAM Authorization. Before activating IAM Authorization the API responds to every request, and to none after activation, as expected.

However, after adding an IAM policy to an EC2 instance that allows the instance to call the API, it still returns { message: 'Forbidden' }.

The policy I am using (as specified by the docs) is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:*:*:*/*/*/*"
        }
    ]
}

which is a very broad one for testing purposes.

The linked docs point to the documentation for REST APIs Access Control, but the HTTP API IAM Access Control documentation points to the same page.

  • Are you wanting to call the API or are you wanting to make an HTTPS request to the API? I think what you might have done is allowed your EC2 instance to make API calls to the control plane, as opposed to making the HTTPS calls to use the API. – Tim Oct 04 '21 at 20:23

0 Answers