Resource types defined by Amazon API Gateway Management

DomainName (p. 47)    RemoveCertificateFromDomainGrants permission to remove

certificates for mutual TLS authentication from a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS

Permissions management

DomainNames (p. 47)   

Stage (p. 50)    SetWebACL Grants permission set a WAF

access control list (ACL). This is an additional authorization control for managing the Stage resource due to the sensitive nature of WebAcl's

Permissions management

Stages (p. 50)   

RestApi (p. 49)    UpdateRestApiPolicyGrants permission to manage

the IAM resource policy for an API. This is an additional authorization control for managing an API due to the sensitive nature of the resource policy

Permissions management

RestApis (p. 50)   

Resource types defined by Amazon API Gateway Management

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table (p. 40) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see Resource types table.

Resource

types ARN Condition keys

Account arn:${Partition}:apigateway:${Region}::/

account  

Resource

types ARN Condition keys

ApiKey arn:${Partition}:apigateway:${Region}::/

apikeys/${ApiKeyId}

aws:ResourceTag/

${TagKey} (p. 53) ApiKeys arn:${Partition}:apigateway:${Region}::/

apikeys

aws:ResourceTag/

${TagKey} (p. 53) Authorizer arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/authorizers/

${AuthorizerId}

apigateway:Request/

AuthorizerType (p. 51) apigateway:Request/

AuthorizerUri (p. 51) apigateway:Resource/

AuthorizerType (p. 52) apigateway:Resource/

AuthorizerUri (p. 52) aws:ResourceTag/

${TagKey} (p. 53) Authorizers arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/authorizers

apigateway:Request/

AuthorizerType (p. 51) apigateway:Request/

AuthorizerUri (p. 51) aws:ResourceTag/

${TagKey} (p. 53)

BasePathMappingarn:${Partition}:apigateway:${Region}::/

domainnames/${DomainName}/basepathmappings/

${BasePath}

aws:ResourceTag/

${TagKey} (p. 53)

BasePathMappingsarn:${Partition}:apigateway:${Region}::/

domainnames/${DomainName}/basepathmappings

aws:ResourceTag/

${TagKey} (p. 53)

ClientCertificate arn:${Partition}:apigateway:${Region}::/

clientcertificates/${ClientCertificateId}

aws:ResourceTag/

${TagKey} (p. 53)

ClientCertificatesarn:${Partition}:apigateway:${Region}::/

clientcertificates aws:ResourceTag/

${TagKey} (p. 53) Deployment arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/deployments/

${DeploymentId}

aws:ResourceTag/

${TagKey} (p. 53)

Deployments arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/deployments

apigateway:Request/

StageName (p. 52)

DocumentationPartarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/documentation/parts/

${DocumentationPartId}

aws:ResourceTag/

${TagKey} (p. 53)

DocumentationPartsarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/documentation/parts

aws:ResourceTag/

${TagKey} (p. 53)

Resource

types ARN Condition keys

DocumentationVersionarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/documentation/

versions/${DocumentationVersionId}

 

DocumentationVersionsarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/documentation/versions  

DomainName arn:${Partition}:apigateway:${Region}::/

domainnames/${DomainName}

apigateway:Request/

EndpointType (p. 52) apigateway:Request/

MtlsTrustStoreUri (p. 52) apigateway:Request/

MtlsTrustStoreVersion (p. 52) apigateway:Request/

SecurityPolicy (p. 52) apigateway:Resource/

EndpointType (p. 53) apigateway:Resource/

MtlsTrustStoreUri (p. 53) apigateway:Resource/

MtlsTrustStoreVersion (p. 53) apigateway:Resource/

SecurityPolicy (p. 53) aws:ResourceTag/

${TagKey} (p. 53) DomainNames arn:${Partition}:apigateway:${Region}::/

domainnames

apigateway:Request/

EndpointType (p. 52) apigateway:Request/

MtlsTrustStoreUri (p. 52) apigateway:Request/

MtlsTrustStoreVersion (p. 52) apigateway:Request/

SecurityPolicy (p. 52) aws:ResourceTag/

${TagKey} (p. 53)

GatewayResponsearn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/gatewayresponses/

${ResponseType}

aws:ResourceTag/

${TagKey} (p. 53)

GatewayResponsesarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/gatewayresponses

aws:ResourceTag/

${TagKey} (p. 53)

Resource

types ARN Condition keys

Integration arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/resources/

${ResourceId}/methods/${HttpMethodType}/

integration

aws:ResourceTag/

${TagKey} (p. 53)

IntegrationResponsearn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/resources/

${ResourceId}/methods/${HttpMethodType}/

integration/responses/${StatusCode}

 

Method arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/resources/

${ResourceId}/methods/${HttpMethodType}

apigateway:Request/

ApiKeyRequired (p. 51) apigateway:Request/

RouteAuthorizationType (p. 52) apigateway:Resource/

ApiKeyRequired (p. 52) apigateway:Resource/

RouteAuthorizationType (p. 53) aws:ResourceTag/

${TagKey} (p. 53)

MethodResponsearn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/resources/

${ResourceId}/methods/${HttpMethodType}/

responses/${StatusCode}

 

Model arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/models/${ModelName}

aws:ResourceTag/

${TagKey} (p. 53) Models arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/models

aws:ResourceTag/

${TagKey} (p. 53)

RequestValidatorarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/requestvalidators/

${RequestValidatorId}

 

RequestValidatorsarn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/requestvalidators

 

Resource arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/resources/

${ResourceId}

aws:ResourceTag/

${TagKey} (p. 53)

Resources arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/resources

aws:ResourceTag/

${TagKey} (p. 53)

Resource

types ARN Condition keys

RestApi arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}

apigateway:Request/

ApiKeyRequired (p. 51) apigateway:Request/

ApiName (p. 51) apigateway:Request/

AuthorizerType (p. 51) apigateway:Request/

AuthorizerUri (p. 51) apigateway:Request/

DisableExecuteApiEndpoint (p. 52) apigateway:Request/

EndpointType (p. 52) apigateway:Request/

RouteAuthorizationType (p. 52) apigateway:Resource/

ApiKeyRequired (p. 52) apigateway:Resource/

ApiName (p. 52) apigateway:Resource/

AuthorizerType (p. 52) apigateway:Resource/

AuthorizerUri (p. 52) apigateway:Resource/

DisableExecuteApiEndpoint (p. 53) apigateway:Resource/

EndpointType (p. 53) apigateway:Resource/

RouteAuthorizationType (p. 53) aws:ResourceTag/

${TagKey} (p. 53)

Resource

types ARN Condition keys

RestApis arn:${Partition}:apigateway:${Region}::/

restapis

apigateway:Request/

ApiKeyRequired (p. 51) apigateway:Request/

ApiName (p. 51) apigateway:Request/

AuthorizerType (p. 51) apigateway:Request/

AuthorizerUri (p. 51) apigateway:Request/

DisableExecuteApiEndpoint (p. 52) apigateway:Request/

EndpointType (p. 52) apigateway:Request/

RouteAuthorizationType (p. 52) aws:ResourceTag/

${TagKey} (p. 53)

Sdk arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/stages/${StageName}/

sdks/${SdkType}

 

Stage arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/stages/${StageName}

apigateway:Request/

AccessLoggingDestination (p. 51) apigateway:Request/

AccessLoggingFormat (p. 51) apigateway:Resource/

AccessLoggingDestination (p. 52) apigateway:Resource/

AccessLoggingFormat (p. 52) aws:ResourceTag/

${TagKey} (p. 53) Stages arn:${Partition}:apigateway:${Region}::/

restapis/${RestApiId}/stages

apigateway:Request/

AccessLoggingDestination (p. 51) apigateway:Request/

AccessLoggingFormat (p. 51) aws:ResourceTag/

${TagKey} (p. 53) Template arn:${Partition}:apigateway:${Region}::/

restapis/models/${ModelName}/template

 

UsagePlan arn:${Partition}:apigateway:${Region}::/

usageplans/${UsagePlanId}

aws:ResourceTag/

${TagKey} (p. 53)

Resource

types ARN Condition keys

UsagePlans arn:${Partition}:apigateway:${Region}::/

usageplans

aws:ResourceTag/

${TagKey} (p. 53) UsagePlanKey arn:${Partition}:apigateway:${Region}::/

usageplans/${UsagePlanId}/keys/${Id}

 

UsagePlanKeys arn:${Partition}:apigateway:${Region}::/

usageplans/${UsagePlanId}/keys

 

VpcLink arn:${Partition}:apigateway:${Region}::/

vpclinks/${VpcLinkId}

aws:ResourceTag/

${TagKey} (p. 53) VpcLinks arn:${Partition}:apigateway:${Region}::/

vpclinks

aws:ResourceTag/

${TagKey} (p. 53)

在文檔中 Actions, resources, and condition keys for AWS services (頁 53-59)