AWS API Gateway custom authorizer policy with path parameters

Time: 2017-05-17 14:20:17

Tags: amazon-web-services aws-api-gateway

Is there a way to create a custom authorizer that returns a policy allowing resource paths together with their path parameters?

Example: Allow: GET /stores, GET /stores/{storeId}. Deny: GET /stores/{storeId}/products

I'm running into a problem with path parameters, because when I return a policy like arn:...:.../stage/GET/stores/{storeId}, API Gateway blocks calls to GET /stores/123 or GET /stores/555123.

1 answer:

Answer 0: (score: 0)

Such a policy is possible. You can return the following structure as the custom authorizer policy to achieve this:

{
  "principalId": "user",
  "policyDocument": {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": "arn:aws:execute-api:eu-central-1:1234567890:9f4xsv4jbl/prod/GET/stores"
      },
      {
        "Action": "execute-api:Invoke",
        "Effect": "Deny",
        "Resource": "arn:aws:execute-api:eu-central-1:1234567890:9f4xsv4jbl/*/GET/stores/{id}"
      },
      {
        "Action": "execute-api:Invoke",
        "Effect": "Allow",
        "Resource": "arn:aws:execute-api:eu-central-1:1234567890:9f4xsv4jbl/prod/GET/stores/*/products"
      }
    ]
  }
}
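As an added example (not code from the question or the answer above), the following Python sketch of a Lambda authorizer builds the policy shape shown in the answer for the routes in the question. It rewrites each {param} segment to "*", because a literal "{storeId}" in the resource ARN is exactly what the question reports as not matching, and it includes a small evaluator with IAM's wildcard and explicit-Deny semantics so the effect of the Allow/Deny statements can be checked offline. The API id, account id and stage in API_ARN_PREFIX are constructed placeholders.

```python
import re

# Constructed placeholder ARN prefix (region:account:api-id/stage); not a real API.
API_ARN_PREFIX = "arn:aws:execute-api:eu-central-1:123456789012:abcdef1234/prod"


def to_resource_arn(method, path):
    # IAM matches '{storeId}' literally, so every {param} segment becomes '*',
    # which is the wildcard API Gateway actually honours for path parameters.
    wild = re.sub(r"\{[^/}]+\}", "*", path)
    return f"{API_ARN_PREFIX}/{method}{wild}"


def build_policy(principal_id, allow_routes, deny_routes):
    """Return the authorizer response shape from the answer: principalId + policyDocument."""
    statements = []
    for effect, routes in (("Allow", allow_routes), ("Deny", deny_routes)):
        if routes:
            statements.append({
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": [to_resource_arn(m, p) for m, p in routes],
            })
    return {"principalId": principal_id,
            "policyDocument": {"Version": "2012-10-17", "Statement": statements}}


def pattern_matches(pattern, arn):
    # IAM resource wildcards: '*' matches any run of characters (including '/'),
    # '?' matches exactly one character, everything else is literal.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, arn) is not None


def is_allowed(policy, method, path):
    """Evaluate like IAM: an explicit Deny wins, otherwise at least one Allow is required.
    Because '*' also spans '/', Allow .../stores/* would cover /stores/123/products;
    the explicit Deny on .../stores/*/products is what keeps that route blocked."""
    arn = f"{API_ARN_PREFIX}/{method}{path}"
    allowed = False
    for st in policy["policyDocument"]["Statement"]:
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if any(pattern_matches(r, arn) for r in resources):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def lambda_handler(event, context):
    # Hypothetical handler shape; token validation is omitted and belongs before this point.
    return build_policy("user",
                        allow_routes=[("GET", "/stores"), ("GET", "/stores/{storeId}")],
                        deny_routes=[("GET", "/stores/{storeId}/products")])
```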