Using Tags to Control Access to a REST API in API Gateway