I have policy: AmazonAPIGatewayInvokeFullAccess and user is associate with this policy but when I simulate action to invoke API it says access denied, can anyone help me understand what is the problem here??
Find simulator image here
Asked
Active
Viewed 254 times
1 Answers
1
The IAM policy simulator covers resource based permissions. Please make sure that you specify a resource ARN to test against since this is '*' by default (which doesn't work with API Gateway). You can enter the resource ARN by clicking on that service row.
Please use the following format for your resource ARN:
arn:aws:execute-api:us-west-1:YOUR-ACCOUNT:YOUR-REST-API-ID/YOUR-STAGE/GET/YOUR-RESOURCE-PATH
Hope this helps,
Jurgen, API Gateway
Jurgen
- 1,243
- 8
- 9
-
I have Group "Admin" which is attached with existing policy "AmazonAPIGatewayInvokeFullAccess" when I simulate this policy for user and group I have access denied as I mentioned in question, even after providing specific ARN. Then I create New Policy with * for resource and attached to user and simulate "AmazonAPIGatewayInvokeFullAccess" it shows allowed. Is simulator simulate all the policies atteched to user?? or individual policy that we select during simulation? – joev Apr 14 '16 at 09:25