How Amazon API Gateway Resource Policies Affect Authorization Workflow