apigateway:UpdateRestApiPolicy is a Permissions management access-level action in the apigateway service. Grants permission to manage the IAM resource policy for an API. This is an additional authorization control for managing an API due to the sensitive nature of the resource policy
ARNs that apigateway:UpdateRestApiPolicy can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants apigateway:UpdateRestApiPolicy.
Filters access by whether an API key is required or not. Available during the CreateMethod and PutMethod operations. Also available as a collection during import and reimport
Filters access by API name. Available during the CreateRestApi and UpdateRestApi operations
Filters access by type of authorizer in the request, for example TOKEN, REQUEST, JWT. Available during CreateAuthorizer and UpdateAuthorizer. Also available during import and reimport as an ArrayOfString
Filters access by status of the default execute-api endpoint. Available during the CreateRestApi and DeleteRestApi operations
Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations
Filters access by authorization type, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the CreateMethod and PutMethod operations Also available as a collection during import
Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations
Filters access by whether an API key is required or not for the existing Method resource. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport
Filters access by API name of the existing RestApi resource. Available during UpdateRestApi and DeleteRestApi operations
Filters access by the current type of authorizer, for example TOKEN, REQUEST, JWT. Available during UpdateAuthorizer and DeleteAuthorizer operations. Also available during reimport as an ArrayOfString
Filters access by status of the default execute-api endpoint of the current RestApi resource. Available during UpdateRestApi and DeleteRestApi operations
Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations
Filters access by authorization type of the existing Method resource, for example NONE, AWS_IAM, CUSTOM, JWT, COGNITO_USER_POOLS. Available during the PutMethod and DeleteMethod operations. Also available as a collection during reimport
Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations
Filters access by the tags attached to the resource
A minimal policy that allows apigateway:UpdateRestApiPolicy. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowApigatewayUpdateRestApiPolicy",
"Effect": "Allow",
"Action": "apigateway:UpdateRestApiPolicy",
"Resource": "*"
}
]
}