Reputation: 2533
API Gateway DynamoDB cross account integration
I'm trying to do a direct integration with API Gateway to DynamoDB. If both are in the same accounts, this works just fine, I've had no problems with the integration.
If they're in separate accounts, I can't figure out how to signal to API Gateway that the dynamo table is in a different account.
This setup Works:
- Account 111111111: API Gateway
- Account 111111111: Dynamo DB
This setup does not:
- Account 111111111: API Gateway
- Account 222222222: Dynamo DB
In the docs they specify what a uri integration should look like:
arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}
But I don't see where/if I can specify the account id of the existing table.
An arn of dynamo table usually looks something like this, arn:aws:dynamodb:region:account-id:table/table-name, so if I could supply an arn, this would should be plausible, but that doesn't seem to work.
arn:aws:apigateway:us-east-1:dynamodb:action/Query
My questions are:
- Is it possible to do cross account integrations with API Gateway and Dynamo
- How can I specify the account id in an API integration?
- If I can't, is there a way to specify the account id in the query body somehow?
Upvotes: 0
Views: 345
Answers (1)
Reputation: 2533
I've learned that cross account integration with API Gateway is not possible as API Gateway cannot assume a cross account role. The solution was to create a lambda, which can assume the cross account role.
Upvotes: 2
Related Questions
- API Gateway cross account access
- API Gateway IAM role to access DynamoDB
- AWS HTTP API gateway with proxy integration - Model
- Reading data from DynamoDB using API Gateway AWS
- Set policy and role in AWS to connect API Gateway and DynamoDB
- Api gateway integration with dynamodb giving 404
- AWS Api Gateway Post to DynamoDB
- AWS API Gateway as proxy to dynamo DB HTTP Get mapping template
- AWS API Gateway store JSON to DynamoDB
- AWS Gateway API authentication with users stored in DynamoDB