Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Control access to HTTP APIs with IAM authorization

You can enable IAM authorization for HTTP API routes. When IAM authorization is enabled, clients must use Signature Version 4 (SigV4) to sign their requests with Amazon credentials. API Gateway invokes your API route only if the client has execute-api permission for the route.

IAM authorization for HTTP APIs is similar to that for REST APIs.

For examples of IAM policies that grant clients the permission to invoke APIs, see Control access for invoking an API.

Enable IAM authorization for a route

The following Amazon CLI command enables IAM authorization for an HTTP API route.

aws apigatewayv2 update-route \
    --api-id abc123 \
    --route-id abcdef \
    --authorization-type AWS_IAM