apigateway:PATCH

Write

apigateway:PATCH is a Write access-level action in the apigateway service. Grants permission to update a particular resource

Resource types

ARNs that apigateway:PATCH can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}::/apis/${ApiId}
Api
arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}/apimappings/${ApiMappingId}
ApiMapping
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/authorizers/${AuthorizerId}
Authorizer
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/deployments/${DeploymentId}
Deployment
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}
Integration
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/integrations/${IntegrationId}/integrationresponses/${IntegrationResponseId}
IntegrationResponse
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/models/${ModelId}
Model
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}
Route
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/requestparameters/${RequestParameterKey}
RouteRequestParameter
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/routes/${RouteId}/routeresponses/${RouteResponseId}
RouteResponse
arn:${Partition}:apigateway:${Region}::/apis/${ApiId}/stages/${StageName}
Stage
arn:${Partition}:apigateway:${Region}::/vpclinks/${VpcLinkId}
VpcLink

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:PATCH.

apigateway:Request/AccessLoggingDestination String

Filters access by access log destination. Available during the CreateStage and UpdateStage operations

apigateway:Request/AccessLoggingFormat String

Filters access by access log format. Available during the CreateStage and UpdateStage operations

apigateway:Request/ApiKeyRequired ArrayOfBool

Filters access by the requirement of API. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import and reimport

apigateway:Request/ApiName String

Filters access by API name. Available during the CreateApi and UpdateApi operations

apigateway:Request/AuthorizerType ArrayOfString

Filters access by type of authorizer in the request, for example REQUEST or JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString

apigateway:Request/AuthorizerUri ArrayOfString

Filters access by URI of a Lambda authorizer function. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString

apigateway:Request/DisableExecuteApiEndpoint Bool

Filters access by status of the default execute-api endpoint. Available during the CreateApi and UpdateApi operations

apigateway:Request/EndpointType ArrayOfString

Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateApi, and UpdateApi operations

apigateway:Request/RouteAuthorizationType ArrayOfString

Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT. Available during the CreateRoute and UpdateRoute operations. Also available as a collection during import

apigateway:Resource/AccessLoggingDestination String

Filters access by access log destination of the current Stage resource. Available during the UpdateStage and DeleteStage operations

apigateway:Resource/AccessLoggingFormat String

Filters access by access log format of the current Stage resource. Available during the UpdateStage and DeleteStage operations

apigateway:Resource/ApiKeyRequired ArrayOfBool

Filters access by the requirement of API key for the existing Route resource. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport

apigateway:Resource/ApiName String

Filters access by API name. Available during the UpdateApi and DeleteApi operations

apigateway:Resource/AuthorizerType ArrayOfString

Filters access by the current type of authorizer, for example REQUEST or JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during import and reimport as an ArrayOfString

apigateway:Resource/AuthorizerUri ArrayOfString

Filters access by the URI of the current Lambda authorizer associated with the current API. Available during UpdateAuthorizer and DeleteAuthorizer. Also available as a collection during reimport

apigateway:Resource/DisableExecuteApiEndpoint Bool

Filters access by status of the default execute-api endpoint. Available during the UpdateApi and DeleteApi operations

apigateway:Resource/EndpointType ArrayOfString

Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateApi, and DeleteApi operations

apigateway:Resource/RouteAuthorizationType ArrayOfString

Filters access by authorization type of the existing Route resource, for example NONE, AWS_IAM, CUSTOM. Available during the UpdateRoute and DeleteRoute operations. Also available as a collection during reimport

aws:ResourceTag/${TagKey} String

Filters access by tag key-value pairs attached to the resource

Example IAM policy

A minimal policy that allows apigateway:PATCH. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewayPATCH",
      "Effect": "Allow",
      "Action": "apigateway:PATCH",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →