0

I am going to Update existing Api gateway through aws cli commands (https://docs.aws.amazon.com/cli/latest/reference/apigateway/put-rest-api.html) from AWS CodePipeline and meet problem that CodeBuild has 

An error occurred (AccessDeniedException) when calling the GetRestApis operation: User: arn:aws:sts:<skipped_text> is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-west-2::/restapis

Is it possible to update Api gateway through code using CodePipeline and aws cli? Or What do you use as a tool for updating apigateway?

user1167633
  • 11
  • 4

2 Answers2

1

Make sure to add following policy to the IAM user in order to allow admin access (CREATE, READ, UPDATE, DELETE) to API gateway, 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "apigateway:*"
            ],
            "Resource": "arn:aws:apigateway:*::/*"
        }
    ]
}

which also exists under amazon managed policies, AmazonAPIGatewayAdministrator,

admin apigateway access

prayagupa
  • 30,204
  • 14
  • 155
  • 192
0

1) Please check your credential working properly or not ,It appears that the credentials used in your AWS SDK do not have valid permissions on the API Gateway API.

You will need to define a policy for the user/role similar to below.

2) When using CloudFormation with CodePipeline, need to create a role that can be assumed by CloudFormation,CodePipeline moves releases through a pipeline using the role you specify for a pipeline. CloudFormation needs permission to assume a separate role that you create for the CloudFormation action (it's not enough to create a role with permission to access other resources).

References

vaquar khan
  • 10,864
  • 5
  • 72
  • 96