[apigateway] grant() methods for IAM authorization #5198

Closed
nija-at opened this issue Nov 26, 2019 · 2 comments · Fixed by #25630
Labels: @aws-cdk/aws-apigateway, effort/medium, feature-request, p1

nija-at commented Nov 26, 2019

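Currently, granting permission to an IAM user to execute a REST method involves the following code:

```ts
import * as apigateway from '@aws-cdk/aws-apigateway';
import * as iam from '@aws-cdk/aws-iam';

// Require IAM (SigV4-signed) authorization on the GET method of the books resource.
const getBooks = books.addMethod('GET', new apigateway.HttpIntegration('http://amazon.com'), {
  authorizationType: apigateway.AuthorizationType.IAM
});

// Allow the user to invoke only this method.
iamUser.attachInlinePolicy(new iam.Policy(this, 'AllowBooks', {
  statements: [
    new iam.PolicyStatement({
      actions: [ 'execute-api:Invoke' ],
      effect: iam.Effect.ALLOW,
      resources: [ getBooks.methodArn ]  // methodArn is a property, not a function
    })
  ]
}));
```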

This could be improved to support something like

```ts
getBooks.grantExecute(iamUser)
```
nija-at changed the title from "[apigateway] improved IAM authorization for Methods" to "[apigateway] grant() methods for IAM authorization" on Aug 18, 2020
fitzchak commented Feb 27, 2022

+1 for grantExecute implementation.
Currently there is no way to allow different principals (external role ARNs) to execute a specific methodArn, as methodArn is available only after the policy is already defined.

mergify bot closed this as completed in #25630 on May 19, 2023
mergify bot pushed a commit that referenced this issue May 19, 2023
To grant permission to a user:

```ts
const books = api.root.addResource('books');
books.grantExecute(user);
```


Closes #5198.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
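
The `execute-api:Invoke` statement from the original post, with a check of which methods a broader grant would reach, as an added example that is not part of the issue or of the CDK code base. `MethodRef`, `invokeStatement`, `iamMatch` and `reachable` are hypothetical helpers, the account ID, API ID and paths are constructed, and the glob matcher is a simplification of IAM evaluation (no conditions, explicit Deny or NotResource).

```typescript
// Added example, not CDK code. Account ID, API ID and paths are constructed samples.
interface Statement { Effect: 'Allow' | 'Deny'; Action: string[]; Resource: string[]; }
interface MethodRef {
  region: string; account: string; apiId: string; stage: string;
  httpMethod: string;   // 'GET', 'POST', ...
  resourcePath: string; // e.g. '/books'
}

// execute-api ARN layout: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{METHOD}/{path}
function methodArn(m: MethodRef): string {
  const path = m.resourcePath.replace(/^\//, '');
  return `arn:aws:execute-api:${m.region}:${m.account}:${m.apiId}/${m.stage}/${m.httpMethod}/${path}`;
}

// The statement the issue's inline policy expresses: Invoke on exactly one method.
function invokeStatement(m: MethodRef): Statement {
  return { Effect: 'Allow', Action: ['execute-api:Invoke'], Resource: [methodArn(m)] };
}

// Simplified IAM glob: '*' matches any run of characters, '?' exactly one.
function iamMatch(pattern: string, value: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const re = new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
  return re.test(value);
}

// Which of the deployed methods does this statement allow a principal to invoke?
function reachable(stmt: Statement, methods: MethodRef[]): string[] {
  if (stmt.Effect !== 'Allow') return [];
  // Action names are case-insensitive; resource ARNs are compared as written.
  const invokes = stmt.Action.some(a => iamMatch(a.toLowerCase(), 'execute-api:invoke'));
  if (!invokes) return [];
  return methods.map(m => methodArn(m)).filter(arn => stmt.Resource.some(r => iamMatch(r, arn)));
}

const base = { region: 'us-east-1', account: '111122223333', apiId: 'a1b2c3d4e5', stage: 'prod' };
const SAMPLE_METHODS: MethodRef[] = [
  { ...base, httpMethod: 'GET', resourcePath: '/books' },
  { ...base, httpMethod: 'POST', resourcePath: '/books' },
  { ...base, httpMethod: 'DELETE', resourcePath: '/admin/users' },
];

// Per-method grant: reaches GET /books only.
const SCOPED = invokeStatement(SAMPLE_METHODS[0]);
// Whole-API wildcard: also reaches POST /books and DELETE /admin/users.
const BROAD: Statement = {
  Effect: 'Allow', Action: ['execute-api:*'],
  Resource: ['arn:aws:execute-api:us-east-1:111122223333:a1b2c3d4e5/*'],
};
```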