apigateway:GET

Read

apigateway:GET is a Read access-level action in the apigateway service. Grants permission to read a particular resource

Resource types

ARNs that apigateway:GET can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/accesslogsettings
AccessLogSettings
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}
Api
arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}
ApiMapping
arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings
ApiMappings
arn:${Partition}:apigateway:${Region}::/apis
Apis
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/${AuthorizerId}
Authorizer
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers
Authorizers
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/cache/authorizers
AuthorizersCache
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/cors
Cors
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/${DeploymentId}
Deployment
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments
Deployments
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/exports/${Specification}
ExportedAPI
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}
Integration
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}
IntegrationResponse
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses
IntegrationResponses
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations
Integrations
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}
Model
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}/template
ModelTemplate
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models
Models
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}
Route
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}
RouteRequestParameter
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}
RouteResponse
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses
RouteResponses
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}/routesettings/${RouteKey}
RouteSettings
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes
Routes
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}
Stage
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages
Stages
arn:${Partition}:apigateway:${Region}::/vpclinks/${VpcLinkId}
VpcLink
arn:${Partition}:apigateway:${Region}::/vpclinks
VpcLinks

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:GET.

apigateway:Request/AccessLoggingDestination String

Filters access by access log destination. Available during the CreateStage and UpdateStage operations

apigateway:Request/AccessLoggingFormat String

Filters access by access log format. Available during the CreateStage and UpdateStage operations

apigateway:Request/ApiKeyRequired ArrayOfBool

Filters access by the requirement of API. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import and reimport

apigateway:Request/ApiName String

Filters access by API name. Available during the CreateApi and UpdateApi operations

apigateway:Request/AuthorizerType ArrayOfString

Filters access by type of authorizer in the request, for example REQUEST or JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString

apigateway:Request/AuthorizerUri ArrayOfString

Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString

apigateway:Request/DisableExecuteApiEndpoint Bool

Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations

apigateway:Request/EndpointType ArrayOfString

Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateApi, and UpdateApi operations

apigateway:Request/RouteAuthorizationType ArrayOfString

Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import

apigateway:Request/StageName String

Filters access by stage name of the deployment that you attempt to create. Available during the CreateDeployment operation

apigateway:Resource/AccessLoggingDestination String

Filters access by access log destination of the current Stage resource. Available during the UpdateStage and DeleteStage operations

apigateway:Resource/AccessLoggingFormat String

Filters access by access log format of the current Stage resource. Available during the UpdateStage and DeleteStage operations

apigateway:Resource/ApiKeyRequired ArrayOfBool

Filters access by the requirement of API key for the existing Route resource. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport

apigateway:Resource/ApiName String

Filters access by API name. Available during the UpdateApi and DeleteApi operations

apigateway:Resource/AuthorizerType ArrayOfString

Filters access by the current type of authorizer, for example REQUEST or JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during import and reimport as an ArrayOfString

apigateway:Resource/AuthorizerUri ArrayOfString

Filters access by the URI of the current Lambda authorizer associated with the current API. Available during UpdateAuthorizer and DeleteAuthorizer. Also available as a collection during reimport

apigateway:Resource/DisableExecuteApiEndpoint Bool

Filters access by status of the default execute-api endpoint. Available during the UpdateApi and DeleteApi operations

apigateway:Resource/EndpointType ArrayOfString

Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateApi, and DeleteApi operations

apigateway:Resource/RouteAuthorizationType ArrayOfString

Filters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport

aws:ResourceTag/${TagKey} String

Filters access by tag key-value pairs attached to the resource

Example IAM policy

A minimal policy that allows apigateway:GET. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewayGET",
      "Effect": "Allow",
      "Action": "apigateway:GET",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →