apigateway:UpdateRestApiPolicy

Permissions management

apigateway:UpdateRestApiPolicy is a Permissions management access-level action in the apigateway service. Grants permission to manage the IAM resource policy for an API. This is an additional authorization control for managing an API due to the sensitive nature of the resource policy

Resource types

ARNs that apigateway:UpdateRestApiPolicy can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}::/restapis/${RestApiId}
RestApi
arn:${Partition}:apigateway:${Region}::/restapis
RestApis

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:UpdateRestApiPolicy.

apigateway:Request/ApiKeyRequired ArrayOfBool

Filters access by whether an API key is required or not. Available during the CreateMethod and PutMethod operations. Also available as a collection during import and reimport

apigateway:Request/ApiName String

Filters access by API name. Available during the CreateRestApi and UpdateRestApi operations

apigateway:Request/AuthorizerType ArrayOfString

Filters access by type of authorizer in the request, for example TOKEN, REQUEST, JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString

apigateway:Request/DisableExecuteApiEndpoint Bool

Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations

apigateway:Request/EndpointType ArrayOfString

Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations

apigateway:Request/RouteAuthorizationType ArrayOfString

Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import

apigateway:Request/SecurityPolicy ArrayOfString

Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations

apigateway:Resource/ApiKeyRequired ArrayOfBool

Filters access by whether an API key is required or not for the existing Method resource. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport

apigateway:Resource/ApiName String

Filters access by API name of the existing RestApi resource. Available during UpdateRestApi and DeleteRestApi operations

apigateway:Resource/AuthorizerType ArrayOfString

Filters access by the current type of authorizer, for example TOKEN, REQUEST, JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString

apigateway:Resource/DisableExecuteApiEndpoint Bool

Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations

apigateway:Resource/EndpointType ArrayOfString

Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations

apigateway:Resource/RouteAuthorizationType ArrayOfString

Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport

apigateway:Resource/SecurityPolicy ArrayOfString

Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations

aws:ResourceTag/${TagKey} String

Filters access by the tags attached to the resource

Example IAM policy

A minimal policy that allows apigateway:UpdateRestApiPolicy. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewayUpdateRestApiPolicy",
      "Effect": "Allow",
      "Action": "apigateway:UpdateRestApiPolicy",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →