Control access to HTTP APIs with IAM authorization

You can enable IAM authorization for HTTP API routes. When IAM authorization is enabled, clients must use Signature Version 4 (SigV4) to sign their requests with AWS credentials. API Gateway invokes your API route only if the client has execute-api permission for the route.

IAM authorization for HTTP APIs is similar to that for REST APIs.

Note

Resource policies aren't currently supported for HTTP APIs.

For examples of IAM policies that grant clients the permission to invoke APIs, see Control access for invoking an API.

Enable IAM authorization for a route

The following AWS CLI command enables IAM authorization for an HTTP API route.


aws apigatewayv2 update-route \
    --api-id abc123 \
    --route-id abcdef \
    --authorization-type AWS_IAM

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

JWT authorizers

Integrations