Using IAM authorization - Amazon API Gateway

Using IAM authorization

You can enable IAM authorization for HTTP API routes. When IAM authorization is enabled, clients must use Signature Version 4 to sign their requests with AWS credentials. API Gateway invokes your API route only if the client has execute-api permission for the route.

IAM authorization for HTTP APIs is similar to that for REST APIs.


Resource policies aren't currently supported for HTTP APIs.

For examples of IAM policies that grant clients the permission to invoke APIs, see Control access for invoking an API.

Enable IAM authorization for a route

The following AWS CLI command enables IAM authorization for an HTTP API route.

aws apigatewayv2 update-route \ --api-id abc123 \ --route-id abcdef \ --authorization-type AWS_IAM