transposeglobal

Reputation: 531

Correct syntax for updating AWS API Gateway resource policy via CLI?

I am attempting to update a resource policy on my API Gateway instance via the CLI and I can't seem to find the right syntax for the JSON. In the documentation it says to use "patch-operations", and from what I understand, it needs a string of JSON for the policy. I have tried minified JSON, escaped JSON, single quotes, no quotes, and nothing seems to work. The documentation doesn't have an example of actual JSON in the value field for patch-operations, so I feel kind of lost.

I have been trying variations of this command:

aws apigateway update-rest-api --rest-api-id abcde123 --patch-operations op=replace,path=/policy,value='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"execute-api:Invoke","Resource":"arn:aws:execute-api:region:000000000000:*"},{"Effect":"Deny","Principal":"*","Action":"execute-api:Invoke","Resource":"arn:aws:execute-api:region:000000000000:*","Condition":{"StringNotEquals":{"aws:SourceVpce":["vpce-123456789","vpce-987654321"]}}}]}'

I get an error every time saying:

Error parsing parameter '--patch-operations': Expected: '=', received: '{' for input:

Pertinent documentation here.

Upvotes: 5

Views: 2577

Answers (2)

Marcin

Reputation: 238139

Here is an answer for a situation when you have a policy in a file, e.g. policy.json:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:region:000000000000:*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:region:000000000000:*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": [
            "vpce-123456789",
            "vpce-987654321"
          ]
        }
      }
    }
  ]
}

Then using jq you can stringify it:

aws apigateway update-rest-api \
     --rest-api-id <api-id> \
     --patch-operations "op=replace,path=/policy,value=$(jq tostring policy.json)"

Upvotes: 1

Amit Baranes

Reputation: 8122

The following command has been tested against my environment (using bash):

aws apigateway update-rest-api --rest-api-id %REST_API_ID% --patch-operations op=replace,path=/policy,value='"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:region:000000000000:*\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:region:000000000000:*\",\"Condition\":{\"StringNotEquals\":{\"aws:SourceVpce\":[\"vpce-123456789\",\"vpce-987654321\"]}}}]}"' --region %REGION%


The key is to convert the JSON object to stringified text; I have used this site. Basically, paste your JSON into the input text box and copy the stringified text into the AWS CLI command.

More info here.

Upvotes: 7
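
Both answers come down to the same point: the value for /policy has to be a JSON string that contains the policy. As an added example (not code from either answer), the Python below builds that argument in the CLI's JSON syntax for --patch-operations rather than the shorthand form, so nothing has to be escaped by hand. The function names and the guard that requires a Deny conditioned on aws:SourceVpce are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample: the policy from the question, with its placeholder ids.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "arn:aws:execute-api:region:000000000000:*"},
        {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "arn:aws:execute-api:region:000000000000:*",
         "Condition": {"StringNotEquals": {
             "aws:SourceVpce": ["vpce-123456789", "vpce-987654321"]}}},
    ],
}


def denied_unless_vpce(policy):
    """Return the VPC endpoint ids that the Deny statements exempt."""
    ids = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny":
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        value = cond.get("aws:SourceVpce", [])
        ids.update([value] if isinstance(value, str) else value)
    return ids


def patch_operations(policy):
    """Build the --patch-operations value in the CLI's JSON form."""
    # Assumed guard: refuse to push a policy that lost its VPC endpoint Deny.
    if not denied_unless_vpce(policy):
        raise ValueError("policy has no Deny restricted by aws:SourceVpce")
    # The /policy value must be a string that itself contains JSON, so the
    # policy is serialized once here and again as part of the list below.
    stringified = json.dumps(policy, separators=(",", ":"))
    return json.dumps([{"op": "replace", "path": "/policy", "value": stringified}])


def update_command(rest_api_id, policy):
    """Return argv for the call; each element is exactly one argument."""
    return ["aws", "apigateway", "update-rest-api",
            "--rest-api-id", rest_api_id,
            "--patch-operations", patch_operations(policy)]


if __name__ == "__main__":
    # shlex.join quotes the argument so the printed line can be pasted into bash.
    print(shlex.join(update_command("abcde123", POLICY)))
```

The returned list can be passed to subprocess.run as is, which skips shell quoting entirely.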
