Resource policy example - AWS Serverless Application Model

Resource policy example

You can control access to your APIs by attaching a resource policy within your AWS SAM template. To do this, you use the ApiAuth data type.

The following is an example AWS SAM template section for resource policies:

Resources: ExplicitApi: Type: AWS::Serverless::Api Properties: StageName: Prod EndpointConfiguration: PRIVATE Auth: ResourcePolicy: CustomStatements: { Effect: 'Allow', Action: 'execute-api:Invoke', Resource: ['execute-api:/*/*/*'], Principal: '*' } MinimalFunction: Type: 'AWS::Serverless::Function' Properties: CodeUri: s3://sam-demo-bucket/hello.zip Handler: hello.handler Runtime: python2.7 Events: AddItem: Type: Api Properties: RestApiId: Ref: ExplicitApi Path: /add Method: post

For more information about resource policies, see Controlling access to an API with API Gateway resource policies in the API Gateway Developer Guide.