x-amazon-apigateway-policy - Amazon API Gateway

x-amazon-apigateway-policy

Specifies a resource policy for a REST API. To learn more about resource policies, see Controlling access to an API with API Gateway resource policies. For resource policy examples, see API Gateway resource policy examples.

x-amazon-apigateway-policy example

The following example specifies a resource policy for a REST API. The resource policy denies (blocks) incoming traffic to an API from a specified source IP address block. On import, "execute-api:/*" is converted to arn:aws:execute-api:region:account-id:api-id/*, using the current Region, your AWS account ID, and the current REST API ID.

"x-amazon-apigateway-policy": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*" ] }, { "Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke", "Resource": [ "execute-api:/*" ], "Condition" : { "IpAddress": { "aws:SourceIp": "192.0.2.0/24" } } } ] }