0

I'm trying to create a simple ApiGateway on top of a DynamoDB to add a endpoint for users to access the data trough this.

Integration type AWS Service

AWS Region eu-west-1

AWS Service DynamoDB

AWS Subdomain

HTTP method GET

Action ListResources

Execution role [iam arn]

Credentials cache Do not add caller credentials to cache key

Content Handling Passthrough

When I click the test Button i get :

Execution failed due to configuration error: API Gateway does not have permission to assume the provided role

Checked here and there but have no clue on the problem. I tried changing the permissions of the IAM user and gave him all Dynamo and APIGateway rights, but no change.

Improve this question
1
  • This tutorial matches your requirements well, and starts off in high detail on IAM: medium.com/@likhita507/… Commented Mar 25, 2020 at 9:46

2 Answers 2

Reset to default
1

It seems the issue is linked to the fact that I used a IAM user instead of an IAM Role. I'll leave that here, maybe that will help.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

First, update the execution role to use a role rather than an IAM user. Then, ensure that the role has permissions for all of the DynamoDB operations and resources that you want to access. Finally, grant API Gateway permissions to assume that role by adding an IAM trust policy as shown below.

From section "API Gateway Permissions Model for Invoking an API" on documentation page here

When an API is integrated with an AWS service (for example, AWS Lambda) in the back end, API Gateway must also have permissions to access integrated AWS resources (for example, invoking a Lambda function) on behalf of the API caller. To grant these permissions, create an IAM role of the Amazon API Gateway type. This role contains the following IAM trust policy that declares API Gateway as a trusted entity that is permitted to assume the role:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.