如何拒绝除一个用户外的所有用户在AWS API Gateway中调用API [英] How can I deny all users except one to invoke API in AWS API Gateway
本文介绍了如何拒绝除一个用户外的所有用户在AWS API Gateway中调用API的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
是否有一种方法/策略可以拒绝所有用户,除了可以在AWS API Gateway上调用API终结点的用户之外?
Is there a way/policy using which I can deny all users except one who can invoke an API endpoint at AWS API Gateway?
当前使用的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::account_id:user/user-name"
},
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:region:account_id:api_to_be_invoked/*/*"
}
]
}
我在API网关的资源策略"中应用了上述策略,并进行了部署,但是为了进行测试,我尝试使用另一个管理员用户的访问权限和私钥通过Postman进行POST,但仍然成功完成了,但我没有这样做想要.
I applied the above policy at the API Gateway's Resource Policy and deployed it, but then, just to test, I tried using another admin user's access and secret key to POST through Postman, and it still successfully did, which I do not want.
有帮助吗?
推荐答案
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"NotPrincipal": {
"AWS":
[ "arn:aws:iam::account_id:user/user-name",
"arn:aws:iam::account_id:root"
]
},
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:region:account_id:api_to_be_invoked/*/*"
}
]
}
这篇关于如何拒绝除一个用户外的所有用户在AWS API Gateway中调用API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文