Amazon web services 如何配置AWS API网关以从其他AWS帐户访问它
我想让其他帐户的IAM用户能够调用我的API 我的API网关资源方法中有以下配置:Amazon web services 如何配置AWS API网关以从其他AWS帐户访问它,amazon-web-services,aws-api-gateway,api-gateway,Amazon Web Services,Aws Api Gateway,Api Gateway,我想让其他帐户的IAM用户能够调用我的API 我的API网关资源方法中有以下配置: 授权类型:AWS_IAM(我也尝试过使用Auth typeNone) 资源政策定义为: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<ACCOU
授权类型:AWS_IAM
(我也尝试过使用Auth typeNone
)
资源政策定义为:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<ACCOUNT_2>:user/ApiUser"
},
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-west-2:<ACCOUNT_1>:<API_ID>/*/*/*"
}
]
}
我错过了什么
我遵循了这个指南:
这曾经让我感到痛苦,也可能是你的问题 保存资源策略后,还必须部署API
- 在左侧的菜单中,单击向上一级
- 然后在操作下,选择部署API
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"execute-api:Invoke"
],
"Resource": "arn:aws:execute-api:us-west-2:<ACCOUNT_1>:<API_ID>:test/GET/*"
}
]
}
{
"message": "User: arn:aws:iam::<ACCOUNT_2>:user/ApiUser is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-west-<ACCOUNT_1>:<API_ID>/test/GET/foo/bar"
}