'AWS API Gateway: User anonymous is not authorized to execute API

Trying to post to an API I've created in API gateway: 

{
    "Message": "User: anonymous is not authorized to perform: execute-api:Invoke on resource: arn:aws:execute-api:us-west-2:***********:jrr7u1ekrr/v0/POST/user"
}

How can I update the policy in CloudFormation to make publicly available the POST endpoint? I'm declaring the API with the AWS::ApiGateway::RestApi resource type.

the API policy property is: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*/POST/user"
        }
    ]
}
aws-api-gateway


Solution 1:[1]

Something that tripped me up: "If the API has been deployed previously in the API Gateway console, you'll need to redeploy it for the resource policy to take effect."

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-create-attach.html

Solution 2:[2]

Even if the Authorization is set to NONE for your OPTIONS method, it will check the resource policy if you have one.

You can make your OPTIONS method public available by setting the following API gateway resource policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:{REGION}:{AWS_ACCOUNT}:{YOUR_API_ID}/{YOUR_API_STAGE}/OPTIONS/*"
        }
    ]
}

Ckeck How API Gateway Resource Policies Affect Authorization Workflow

Solution 3:[3]

After the policy changes you need to redeploy the application for changes to propagate. To re-deploy -

  1. Go API Gateway.
  2. Go to resource.
  3. Click on action drop down. click on Deploy API.

Solution 4:[4]

The issue is probably on the method declaration part. You will need to have authorizationType set to NONE in your AWS::ApiGateway::Method declaration.

Solution 5:[5]

In 

"Resource": "execute-api:/*/POST/user"

Set your Account ID instead of *

And then re-deploy.

Kr,

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Travis Bear
Solution 2 pavan Kumar
Solution 3
Solution 4 roxxypoxxy
Solution 5 Rshad Zhran

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function