I have API Gateway A calling API Gateway B through an HTTP integration and I'd like to use a resource-based policy to authenticate this. There is a Resource Policy tab on the API Gateway B that I can modify to add the role from the other account. However, how do I add a role to API Gateway A?
1 Answer
I know that this is 6 months old but you have an interesting, yet perplexing question.
You cannot statically assign a role to API Gateway APIs specifically, but you can implement a Lambda integration in API GW A which implements code logic to sign the request using SigV4 signing. That workflow would look similar to "API GW A -> Lambda -> code that calls API GW B and signs requests -> API GW B"
There is an initial investment in simply understanding and testing SigV4, then implementing the logic in a Lambda function. However, if you are currently signing requests for API GW A, you may already be familiar with this process. If so, you can adapt the code to run in a Lambda function to make requests to API GW B.
There are also Cognito and Lambda Authorizer options to consider, depending on how you choose to secure your API GW implementation. These wouldn't use resource policies, but could offer some features you may be interested in.
Does make me wonder what is the use case for resource policies on an API GW A -> API GW B workflow though.
