AWS API Gateway: User anonymous is not authorized to execute API
Trying to post to an API I've created in API gateway:
{
  "Message": "User: anonymous is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-west-2:***********:jrr7u1ekrr/v0/POST/user"
}
How can I update the policy in CloudFormation to make the POST endpoint publicly available? I'm declaring the API with the AWS::ApiGateway::RestApi resource type.
The API policy property is:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "execute-api:/*/POST/user"
    }
  ]
}
Solution 1:
Something that tripped me up: "If the API has been deployed previously in the API Gateway console, you'll need to redeploy it for the resource policy to take effect."
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-create-attach.html
Solution 2:
Even if the Authorization is set to NONE for your OPTIONS method, it will check the resource policy if you have one.
You can make your OPTIONS method publicly available by setting the following API Gateway resource policy.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:{REGION}:{AWS_ACCOUNT}:{YOUR_API_ID}/{YOUR_API_STAGE}/OPTIONS/*"
    }
  ]
}
Check How API Gateway Resource Policies Affect Authorization Workflow
Solution 3:
After the policy changes, you need to redeploy the application for the changes to propagate. To redeploy:
1. Go to API Gateway.
2. Go to resource.
3. Click on the action drop-down, then click on Deploy API.
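Added example (not part of the original question or answers): a small offline check of which method ARNs the two resource policies above open to anonymous callers, useful for confirming that a policy exposes only the method you intend before deploying it. The account ID, the filled-in placeholders in the Solution 2 policy, and all function names are constructed for illustration; Deny statements are ignored and statements with a Condition are skipped.

```python
import re

def expand(resource, region, account, api_id):
    # Shorthand "execute-api:/stage/METHOD/path" -> full execute-api ARN.
    prefix = "execute-api:/"
    if resource.startswith(prefix):
        return f"arn:aws:execute-api:{region}:{account}:{api_id}/{resource[len(prefix):]}"
    return resource

def wildcard_match(pattern, value):
    # IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def is_anonymous(principal):
    # Covers "Principal": "*" and "Principal": {"AWS": "*"}.
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", [])))

def anonymous_invoke_allowed(policy, method_arn, region, account, api_id):
    # True if an unconditional Allow for an anonymous principal covers method_arn.
    # Simplification: Deny is not evaluated; conditioned statements are skipped.
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Condition" in st or not is_anonymous(st.get("Principal")):
            continue
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        if not any(wildcard_match(a, "execute-api:invoke") for a in actions):
            continue
        if any(wildcard_match(expand(r, region, account, api_id), method_arn)
               for r in as_list(st.get("Resource", []))):
            return True
    return False

# Constructed sample values: the account ID and stage placeholders are made up.
REGION, ACCOUNT, API_ID = "us-west-2", "111122223333", "jrr7u1ekrr"
BASE = f"arn:aws:execute-api:{REGION}:{ACCOUNT}:{API_ID}/v0"
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
    "Resource": "execute-api:/*/POST/user"}]}
SOLUTION2_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "execute-api:Invoke",
    "Resource": f"{BASE}/OPTIONS/*"}]}

def report():
    # Maps (policy name, HTTP verb) -> whether anonymous invoke of /user is allowed.
    return {(name, verb): anonymous_invoke_allowed(pol, f"{BASE}/{verb}/user", REGION, ACCOUNT, API_ID)
            for name, pol in (("question", QUESTION_POLICY), ("solution2", SOLUTION2_POLICY))
            for verb in ("POST", "OPTIONS")}
```

Calling `report()` shows the question's policy covering POST /user but not OPTIONS /user, and the Solution 2 policy covering OPTIONS only.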