IAM permission example - AWS Serverless Application Model

IAM permission example

You can control access to your APIs by defining IAM permissions within your AWS SAM template. To do this, you use the ApiAuth data type.

The following is an example AWS SAM template section for IAM permissions:

Resources: MyApi: Type: AWS::Serverless::Api Properties: StageName: Prod Auth: DefaultAuthorizer: AWS_IAM MyFunction: Type: AWS::Serverless::Function Properties: CodeUri: . Handler: index.handler Runtime: nodejs12.x Events: GetRoot: Type: Api Properties: RestApiId: !Ref MyApi Path: / Method: get

For more information about IAM permissions, see Control access for invoking an API in the API Gateway Developer Guide.