Mark

Reputation: 409

How to apply IAM Auth to only one method of an API gateway path - SAM template

I am currently creating a SAM template defining an AWS API gateway. I have a path /example which has 3 methods: GET, POST and OPTIONS. I want the POST method to have IAM authorisation but the others to be public with no authorisation. My SAM template currently looks like this:

Resources:
  ApiGatewayApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: <API NAME>
      StageName: <Stage Name>
      Auth:
        ApiKeyRequired: false
        AddDefaultAuthorizerToCorsPreflight: false
        DefaultAuthorizer: AWS_IAM
        ResourcePolicy:
          CustomStatements: [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": [
                  "arn:aws:iam::...",
                ]
              },
              "Action": "execute-api:Invoke",
              "Resource": "execute-api:/<Stage Name>/POST/example"
            }]
      Tags:
        <Key>: <Value>
      DefinitionBody:
        <Swagger definition>

This is, however, attaching IAM auth to all of the methods. How can I specify it to only be attached to one of the methods?

Thank you!

Upvotes: 0

Views: 982

Answers (1)

Mark

Reputation: 409

As @kaustubh-khavnekar mentioned in the comments, the following is required:

  1. Remove DefaultAuthorizer: AWS_IAM from the Auth section.
  2. Add the following to the swagger definition for the IAM protected method endpoint:

      post:
        x-amazon-apigateway-auth:
          type: "AWS_IAM"

  3. Add the following to the swagger definition for the unprotected method endpoint:

      get:
        x-amazon-apigateway-auth:
          type: "NONE"

Upvotes: 1
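
A pre-deployment check for the per-method setup described in the answer, as an added example that is not part of the original post: it walks a Swagger definition and reports any method whose `x-amazon-apigateway-auth` type differs from what is intended. The function names, the sample definition and the choice to flag a missing extension are assumptions of this example.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
AUTH_EXT = "x-amazon-apigateway-auth"

# Constructed sample (not from the post): OPTIONS was left without the extension.
SAMPLE_DEFINITION = {
    "swagger": "2.0",
    "paths": {
        "/example": {
            "get": {AUTH_EXT: {"type": "NONE"}},
            "post": {AUTH_EXT: {"type": "AWS_IAM"}},
            "options": {"responses": {}},
        }
    },
}


def method_auth(definition):
    """Map (path, METHOD) to its auth type, or None when the extension is absent."""
    result = {}
    for path, item in definition.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(operation, dict):
                continue  # skip path-level keys such as "parameters"
            auth = operation.get(AUTH_EXT)
            result[(path, method.upper())] = auth.get("type") if isinstance(auth, dict) else None
    return result


def audit(definition, expected_iam):
    """Return findings; expected_iam is the set of (path, METHOD) that must use AWS_IAM."""
    found = method_auth(definition)
    findings = []
    for (path, method), auth_type in sorted(found.items()):
        if auth_type is None:
            findings.append(f"{method} {path}: no explicit {AUTH_EXT}")
        elif (path, method) in expected_iam and auth_type != "AWS_IAM":
            findings.append(f"{method} {path}: expected AWS_IAM, found {auth_type}")
        elif (path, method) not in expected_iam and auth_type == "AWS_IAM":
            findings.append(f"{method} {path}: unexpectedly requires AWS_IAM")
    for path, method in sorted(expected_iam - set(found)):
        findings.append(f"{method} {path}: expected AWS_IAM but method is not defined")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_DEFINITION, {("/example", "POST")}):
        print(line)
```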
