
AWS API Gateway: User anonymous is not authorized to execute API


Trying to post to an API I've created in API Gateway:

{
    "Message": "User: anonymous is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-west-2:***********:jrr7u1ekrr/v0/POST/user"
}

How can I update the policy in CloudFormation to make the POST endpoint publicly available? I'm declaring the API with the AWS::ApiGateway::RestApi resource type.

The API policy property is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*/POST/user"
        }
    ]
} 

Solution

  • Something that tripped me up: "If the API has been deployed previously in the API Gateway console, you'll need to redeploy it for the resource policy to take effect."

    https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-create-attach.html
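
Added example (not part of the original question or answer): in a CloudFormation-managed stack, editing the RestApi Policy does not by itself produce a new AWS::ApiGateway::Deployment, so the redeploy the answer mentions has to be forced. One common way is to embed a hash of the policy in the deployment's logical ID, so every policy change replaces the deployment. The logical IDs `Api`, `ApiDeployment` and `ApiStage` and the sample template are assumptions constructed for illustration.

```python
import copy
import hashlib
import json

def _rename_refs(node, old, new):
    """Point Ref / DependsOn / Fn::GetAtt (list form) at the new logical ID."""
    if isinstance(node, list):
        return [_rename_refs(v, old, new) for v in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, val in node.items():
        if key in ("Ref", "DependsOn") and val == old:
            val = new
        elif key == "DependsOn" and isinstance(val, list):
            val = [new if v == old else v for v in val]
        elif key == "Fn::GetAtt" and isinstance(val, list) and val[:1] == [old]:
            val = [new] + val[1:]
        out[key] = _rename_refs(val, old, new)
    return out

def pin_deployments_to_policy(template):
    """Return a copy whose Deployment logical IDs carry a hash of the RestApi Policy,
    so a policy edit replaces the deployment on the next stack update."""
    tpl = copy.deepcopy(template)
    for dep_id, dep in list(tpl["Resources"].items()):
        if dep.get("Type") != "AWS::ApiGateway::Deployment":
            continue
        api_ref = dep.get("Properties", {}).get("RestApiId")
        api_id = api_ref.get("Ref") if isinstance(api_ref, dict) else None
        policy = tpl["Resources"].get(api_id, {}).get("Properties", {}).get("Policy")
        if policy is None:
            continue  # no resource policy to track on this API
        digest = hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).hexdigest()[:8]
        new_id = dep_id + digest
        tpl["Resources"][new_id] = tpl["Resources"].pop(dep_id)
        tpl = _rename_refs(tpl, dep_id, new_id)
    return tpl

# Constructed sample template; logical IDs Api, ApiDeployment, ApiStage are hypothetical.
POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
    "Action": "execute-api:Invoke", "Resource": "execute-api:/*/POST/user"}]}
SAMPLE = {"Resources": {
    "Api": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Name": "demo", "Policy": POLICY}},
    "ApiDeployment": {"Type": "AWS::ApiGateway::Deployment", "Properties": {"RestApiId": {"Ref": "Api"}}},
    "ApiStage": {"Type": "AWS::ApiGateway::Stage", "Properties": {"StageName": "v0",
        "RestApiId": {"Ref": "Api"}, "DeploymentId": {"Ref": "ApiDeployment"}}}}}

if __name__ == "__main__":
    print(json.dumps(pin_deployments_to_policy(SAMPLE), indent=2))
```

Run it against the source template on every build, not against its own output, and note that `Fn::Sub` strings and the dotted string form of `Fn::GetAtt` are not rewritten.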