Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Resource policy example for AWS SAM

Focus mode
Resource policy example for AWS SAM - AWS Serverless Application Model

You can control access to your APIs by attaching a resource policy within your AWS SAM template. To do this, you use the ApiAuth data type.

The following is an example AWS SAM template for a private API. A private API must have a resource policy to deploy.

AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: MyPrivateApi: Type: AWS::Serverless::Api Properties: StageName: Prod EndpointConfiguration: PRIVATE # Creates a private API. Resource policies are required for all private APIs. Auth: ResourcePolicy: CustomStatements: - Effect: 'Allow' Action: 'execute-api:Invoke' Resource: ['execute-api:/*/*/*'] Principal: '*' - Effect: 'Deny' Action: 'execute-api:Invoke' Resource: ['execute-api:/*/*/*'] Principal: '*' MyFunction: Type: 'AWS::Serverless::Function' Properties: InlineCode: | def handler(event, context): return {'body': 'Hello World!', 'statusCode': 200} Handler: index.handler Runtime: python3.10 Events: AddItem: Type: Api Properties: RestApiId: Ref: MyPrivateApi Path: / Method: get

For more information about resource policies, see Controlling access to an API with API Gateway resource policies in the API Gateway Developer Guide. For more information about private APIs, see Creating a private API in Amazon API Gateway in the API Gateway Developer Guide.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.