How to authenticate api gateway call to another api gateway

I have API Gateway A calling API Gateway B through an HTTP integration and I'd like to use a resource-based policy to authenticate this. There is a Resource Policy tab on API Gateway B that I can modify to add the role from the other account. However, how do I add a role to API Gateway A?

user1584120 asked Oct 17 '25 19:10


1 Answer

I know that this is 6 months old, but you have an interesting, yet perplexing question.

You cannot statically assign a role to API Gateway APIs specifically, but you can implement a Lambda integration in API GW A which implements code logic to sign the request using SigV4 signing. That workflow would look similar to "API GW A -> Lambda -> code that calls API GW B and signs requests -> API GW B".

There is an initial investment in simply understanding and testing SigV4, then implementing the logic in a Lambda function. However, if you are currently signing requests for API GW A, you may already be familiar with this process. If so, you can adapt the code to run in a Lambda function to make requests to API GW B.

There are also Cognito and Lambda Authorizer options to consider, depending on how you choose to secure your API GW implementation. These wouldn't use resource policies, but could offer some features you may be interested in.

Does make me wonder what is the use case for resource policies on an API GW A -> API GW B workflow though.

NoPathInParticular answered Oct 19 '25 13:10
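
The Lambda step of the workflow in the answer above, as an added example that is not part of the original answer: it signs a request to API GW B with SigV4 using the function's execution-role credentials, so that role is the principal API GW B's resource policy would name. Assumptions: `API_B_URL` is a hypothetical environment variable, both APIs are in the same region, and the method on API GW B uses IAM authorization.

```python
import datetime, hashlib, hmac, os, urllib.request
from urllib.parse import parse_qsl, quote, urlsplit

def sigv4_headers(method, url, body, region, access_key, secret_key,
                  session_token=None, now=None, service="execute-api"):
    """Return the headers that SigV4-sign one request to an API Gateway stage."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    parts = urlsplit(url)
    headers = {"host": parts.netloc, "x-amz-date": amz_date}
    if session_token:  # a Lambda execution role always has temporary credentials
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    # Canonical query string: URI-encode each name and value, then sort the pairs.
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, v in parse_qsl(parts.query, keep_blank_values=True))
    query = "&".join(f"{k}={v}" for k, v in pairs)
    canonical_request = "\n".join([
        method.upper(),
        quote(parts.path or "/", safe="/-_.~"),  # path assumed already encoded once
        query,
        "".join(f"{n}:{headers[n]}\n" for n in names),
        ";".join(names),
        hashlib.sha256(body).hexdigest()])  # the body is covered by the signature
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={';'.join(names)}, Signature={signature}")
    return headers

def handler(event, context):
    """Lambda behind API GW A: forward the body to API GW B, signed as this role."""
    url = os.environ["API_B_URL"]  # hypothetical variable: API GW B's invoke URL
    body = (event.get("body") or "").encode()
    signed = sigv4_headers(
        "POST", url, body, os.environ["AWS_REGION"],  # assumes B is in this region
        os.environ["AWS_ACCESS_KEY_ID"], os.environ["AWS_SECRET_ACCESS_KEY"],
        os.environ.get("AWS_SESSION_TOKEN"))
    request = urllib.request.Request(url, data=body, headers=signed, method="POST")
    with urllib.request.urlopen(request, timeout=10) as response:
        return {"statusCode": response.status, "body": response.read().decode()}
```

Because the body hash and the timestamp are part of the signed material, API GW B rejects a request whose body was altered in transit or whose signature is replayed after the validity window.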