API Gateway resource policy returns 403

Time: 2019-05-04 19:44:06

Tags: amazon-web-services aws-api-gateway serverless-framework

So, I am trying to restrict access to one API endpoint on API Gateway so that it can be called by Auth0 after a user registers.

I have tried a few permutations of this, and the example below looks to me like it should work.

I allow everything. As a test, I also explicitly allow one endpoint. Then I deny everyone on the secured one. Then I allow the Auth0 IP addresses access to securedEndpoint; my own IP was also in that list, but I have removed it for security reasons.

securedEndpoint has no authorizer attached. With this policy applied, all endpoints return 403 from APIG. I am deploying this with Serverless; what you see below is the JSON generated by the Resource Policy section of the APIG console.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "eu-west-2:ACCOUNT_ID:API_ID/*/*/*"
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "eu-west-2:ACCOUNT_ID:API_ID/*/*/allowedEndPoint"
        },
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "eu-west-2:ACCOUNT_ID:API_ID/*/POST/securedEndpoint"
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "eu-west-2:ACCOUNT_ID:API_ID/*/POST/securedEndpoint",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": [
                        "138.91.154.99",
                        "54.183.64.135",
                        "54.67.77.38",
                        "54.67.15.170",
                        "54.183.204.205",
                        "54.173.21.107",
                        "54.85.173.28",
                        "35.167.74.121",
                        "35.160.3.103",
                        "35.166.202.113",
                        "52.14.40.253",
                        "52.14.38.78",
                        "52.14.17.114",
                        "52.71.209.77",
                        "34.195.142.251",
                        "52.200.94.42"
                    ]
                }
            }
        }
    ]
}
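An added example, not part of the question: a small Python model of how AWS evaluates a resource policy (an applicable explicit Deny wins over every Allow; no applicable Allow is an implicit Deny, i.e. a 403), run against the statement structure posted above and against a reworked form where the IP exception sits on the Deny itself. The shorthand resource strings from the question and the sample client IPs are kept as constructed inputs; only the IpAddress / NotIpAddress condition operators on aws:SourceIp are modelled.

```python
import fnmatch
import ipaddress

# Constructed callers: one address from the question's Auth0 list, and an RFC 5737 address.
AUTH0_IP, OTHER_IP = "138.91.154.99", "203.0.113.7"

# Shorthand as in the question so its patterns match; real policies use full arn:aws:execute-api:... ARNs.
API = "eu-west-2:ACCOUNT_ID:API_ID"
SECURED = API + "/*/POST/securedEndpoint"

def _condition_holds(condition, source_ip):
    # Only IpAddress / NotIpAddress on aws:SourceIp are modelled; every operator present must hold.
    addr = ipaddress.ip_address(source_ip)
    for operator, values in condition.items():
        cidrs = values["aws:SourceIp"]
        cidrs = [cidrs] if isinstance(cidrs, str) else cidrs
        matched = any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)
        if matched != (operator == "IpAddress"):  # IpAddress needs a match, NotIpAddress needs none
            return False
    return True

def evaluate(policy, resource, source_ip):
    """IAM-style decision: explicit Deny beats any Allow; no matching Allow is an implicit Deny."""
    decision = "Deny"
    for statement in policy["Statement"]:
        if not fnmatch.fnmatchcase(resource, statement["Resource"]):
            continue
        if not _condition_holds(statement.get("Condition", {}), source_ip):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"  # an applicable Deny ends evaluation, whatever else allowed
        decision = "Allow"
    return decision

# As posted: blanket Allow, unconditional Deny on the secured path, IP-conditioned Allow.
POSTED = {"Statement": [
    {"Effect": "Allow", "Resource": API + "/*/*/*"},
    {"Effect": "Deny", "Resource": SECURED},
    {"Effect": "Allow", "Resource": SECURED, "Condition": {"IpAddress": {"aws:SourceIp": [AUTH0_IP]}}},
]}

# Reworked: the exception sits on the Deny itself, so only callers outside the list are blocked.
REWORKED = {"Statement": [
    {"Effect": "Allow", "Resource": API + "/*/*/*"},
    {"Effect": "Deny", "Resource": SECURED, "Condition": {"NotIpAddress": {"aws:SourceIp": [AUTH0_IP]}}},
]}

def decide(source_ip, method="POST", path="securedEndpoint"):
    # Returns (decision under POSTED, decision under REWORKED) for one request in stage "prod".
    resource = f"{API}/prod/{method}/{path}"
    return evaluate(POSTED, resource, source_ip), evaluate(REWORKED, resource, source_ip)
```

Under the posted structure the unconditional Deny applies to the Auth0 addresses as well, so the IP-conditioned Allow never takes effect; moving the exception onto the Deny as a NotIpAddress condition yields the intended split.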

0 answers:

No answers