apigateway:CreateAccessAssociation

Permissions management

apigateway:CreateAccessAssociation is a Permissions management access-level action in the apigateway service. Grants permission to create an access association from an access association source to a custom domain name for private APIs

Resource types

ARNs that apigateway:CreateAccessAssociation can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}:${Account}:/domainnames/${DomainName}+${DomainIdentifier}
PrivateDomainName

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:CreateAccessAssociation.

apigateway:Request/EndpointType ArrayOfString

Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations

apigateway:Resource/EndpointType ArrayOfString

Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations

apigateway:Resource/RoutingMode String

Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations

aws:ResourceTag/${TagKey} String

Filters access by the tags attached to the resource

Example IAM policy

A minimal policy that allows apigateway:CreateAccessAssociation. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewayCreateAccessAssociation",
      "Effect": "Allow",
      "Action": "apigateway:CreateAccessAssociation",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →