AWS threw the error below saying the user doesn't have the apigateway:TagResource permission, but when I check the list of available permissions in the IAM console, I'm not able to find any such permission.

xxxx is not authorized to perform: apigateway:TagResource on resource xxx

Currently, I've given the below permissions for that API.

{
    "Effect": "Allow",
    "Action": [
        "apigateway:DELETE",
        "apigateway:PUT",
        "apigateway:PATCH",
        "apigateway:POST",
        "apigateway:GET"
    ],
    "Resource": [
        "arn:aws:apigateway:*::/restapis*",
        "arn:aws:apigateway:*::/apikeys*",
        "arn:aws:apigateway:*::/usageplans*",
        "arn:aws:apigateway:*::/domainnames*",
        "arn:aws:apigateway:*::/tags*",
        "arn:aws:apigateway:*::/apis*"
    ],
    "Condition": {
        "StringLikeIfExists": {
            "apigateway:Request/apiName": "my-api*"
        }
    }
}

How do I resolve this? Is any other permission required?

DilLip_Chowdary

1 Answer

I was dealing with a similar issue. Ultimately, the following worked for me:

{
  "Effect": "Allow",
  "Action": [
    "apigateway:POST",
    "apigateway:TagResource"
  ],
  "Resource": [
    "arn:aws:apigateway:*::/apis",
    "arn:aws:apigateway:*::/apis/*/stages"
  ],
  "Condition": {
    "StringEquals": {
      "aws:RequestTag/WbyProjectName": [
        "webiny-js"
      ]
    }
  }
}
Adrian
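
A simplified local model of how an Allow statement is matched, run against the two statements posted above (an added example, not code from either poster or from AWS). The request ARN is constructed because the page elides the real one, and only `StringEquals`, `StringLike` and their `IfExists` forms are modelled; Deny statements and other operators are out of scope.

```python
import re

def glob_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def condition_ok(condition, ctx):
    # Every operator/key pair must hold; several values for one key are ORed.
    for op, keys in condition.items():
        if_exists = op.endswith("IfExists")
        base = op[:-len("IfExists")] if if_exists else op
        for key, wanted in keys.items():
            wanted = wanted if isinstance(wanted, list) else [wanted]
            if key not in ctx:
                ok = if_exists  # ...IfExists passes on a missing key, plain ops fail
            elif base == "StringEquals":
                ok = ctx[key] in wanted
            elif base == "StringLike":
                ok = any(glob_match(w, ctx[key]) for w in wanted)
            else:
                raise ValueError("operator not modelled: " + op)
            if not ok:
                return False
    return True

def allows(stmt, action, resource, ctx):
    return (stmt["Effect"] == "Allow"  # action names are matched ignoring case
            and any(glob_match(a, action, True) for a in stmt["Action"])
            and any(glob_match(r, resource) for r in stmt["Resource"])
            and condition_ok(stmt.get("Condition", {}), ctx))

ARN = "arn:aws:apigateway:*::"
QUESTION = {"Effect": "Allow",  # statement from the question
    "Action": ["apigateway:" + v for v in ("DELETE", "PUT", "PATCH", "POST", "GET")],
    "Resource": [ARN + p for p in ("/restapis*", "/apikeys*", "/usageplans*",
                                   "/domainnames*", "/tags*", "/apis*")],
    "Condition": {"StringLikeIfExists": {"apigateway:Request/apiName": "my-api*"}}}
ANSWER = {"Effect": "Allow",  # statement from the answer
    "Action": ["apigateway:POST", "apigateway:TagResource"],
    "Resource": [ARN + "/apis", ARN + "/apis/*/stages"],
    "Condition": {"StringEquals": {"aws:RequestTag/WbyProjectName": ["webiny-js"]}}}
# Constructed request: the real resource ARN is elided ("xxx") on the page.
REQ = ("apigateway:TagResource", "arn:aws:apigateway:us-east-1::/apis")
TAG = {"aws:RequestTag/WbyProjectName": "webiny-js"}

if __name__ == "__main__":
    print("question statement: ", allows(QUESTION, *REQ, TAG))
    print("answer, tag present:", allows(ANSWER, *REQ, TAG))
    print("answer, tag absent: ", allows(ANSWER, *REQ, {}))
```

In this model the question's statement never matches because `apigateway:TagResource` is not in its `Action` list, while the answer's statement matches only when the request carries the `WbyProjectName` tag with the listed value.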