apigateway:RejectAccessAssociation

Permissions management

apigateway:RejectAccessAssociation is a Permissions management access-level action in the apigateway service. Grants permission to reject an existing access association owned by another account to a custom domain name for private APIs

Resource types

ARNs that apigateway:RejectAccessAssociation can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}:${Account}:/domainnames/${DomainName}+${DomainIdentifier}
PrivateDomainName

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:RejectAccessAssociation.

apigateway:Request/EndpointType ArrayOfString

Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations

apigateway:Resource/EndpointType ArrayOfString

Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations

apigateway:Resource/RoutingMode String

Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations

aws:ResourceTag/${TagKey} String

Filters access by the tags attached to the resource

Example IAM policy

A minimal policy that allows apigateway:RejectAccessAssociation. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewayRejectAccessAssociation",
      "Effect": "Allow",
      "Action": "apigateway:RejectAccessAssociation",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →