I have an API Gateway configuration with Cognito authorization. I enabled a general proxy path for all my API calls which end up with v1.

So all api resources under v1 need to be authorized.

But I have a couple of endpoints which I don't need authorization for, since they are webhooks which will be called by 3rd parties.

How can I add a policy to make an exception for these endpoints (resources) so that I can access them without any authorization?

I tried to add a policy as follows:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "{myResourceIds}/*/POST/stripe/connect/webhook"
        }
    ]
}
```

The api resource tree

For instance, when I call my API with /stripe/connect/webhook I don't want any authorization for that path. How can I accomplish this?

Gustavo

Cognito authorizers need to be configured separately for each method in an AWS REST API Gateway ([Source](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html)). Are you sure you haven't just created an authorizer and not actually configured it for any of the endpoints? – Kaustubh Khavnekar Jan 14 '22 at 17:32

1 Answer

If you have created a separate resource for these calls, then you can simply not add any authorization to them. If you have a single ANY resource but want to have an authorizer for certain paths and not others, you can create a Lambda authorizer that checks the event path and passes any requests with paths that don't need authorization.

Ninad Gaikwad
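
The path-checking Lambda authorizer suggested in the answer above, as an added example that is not part of the original answer or any AWS sample. It is a REQUEST-type authorizer for a REST API; `PUBLIC_ROUTES`, `authorize`, `policy` and `reject_all` are names assumed here, the public route is the path from the question, and `reject_all` is a fail-closed placeholder for real Cognito token verification.

```python
# Added example: REQUEST-type Lambda authorizer that exempts listed routes.
# All names below are assumptions of this sketch, not AWS or project code.
PUBLIC_ROUTES = frozenset({("POST", "/stripe/connect/webhook")})


def policy(principal_id, effect, method_arn, context=None):
    """Authorizer response scoped to the single method being invoked."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
        "context": context or {},
    }


def reject_all(token):
    """Fail-closed placeholder: swap in real Cognito JWT verification
    (signature against the user pool JWKS, iss, exp, token_use, client id)."""
    return None


def authorize(event, verify_token=reject_all):
    method = (event.get("httpMethod") or "").upper()
    path = event.get("path") or ""
    arn = event["methodArn"]
    # Exact (method, path) match only: no prefix or regex matching, so a GET
    # or "/stripe/connect/webhook/../admin" never counts as public.
    if (method, path) in PUBLIC_ROUTES:
        # The backend must still authenticate the sender itself,
        # for example by checking the webhook provider's signature.
        return policy("anonymous", "Allow", arn, {"public": "true"})
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    raw = (headers.get("authorization") or "").strip()
    token = raw[7:].strip() if raw.lower().startswith("bearer ") else raw
    claims = verify_token(token) if token else None
    if not claims:
        raise Exception("Unauthorized")  # API Gateway turns this into a 401
    return policy(claims["sub"], "Allow", arn, {"sub": claims["sub"]})


def handler(event, context):
    return authorize(event)
```

This assumes the authorizer has caching disabled and no required identity source, because API Gateway otherwise answers a request that lacks the identity header with 401 before the function runs, and a cached policy scoped to one `methodArn` would be reused for other paths.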