Skip to main content
All CollectionsConnectConnecting API GatewaysAmazon API Gateway
Connect Amazon API Gateway
Connect Amazon API Gateway

How to connect an new Amazon API Gateway

Updated over 8 months ago

The following instructions summarize the detailed instructions found within the application when logged in.

The application instructions may provide additional files and parameters for your application and should be considered the master.

For detailed instructions on how to create assume-role and permissions, look up here on Amazon.

Apiable uses the safe and advanced connection mechanism to your AWS Gateway called: Assume Role. It only asks for permissions it needs and you can revoke the role at any time, whiteout impacting your services.

Let's go through the part that Apiable needs to get access your AWS Gateway:

  1. Start by giving your new connection a name that best describes it.

  2. Select the AWS region where your API Gateway resides.

  3. Select the following JSON and replace all %YOUR_GATEWAY_REGION% placeholders with the region your gateway runs on e.g. eu-central-1 in any editor of your choice.

    { "Version": "2012-10-17", "Statement": [ { "Sid": "EnableGET", "Effect": "Allow", "Action": [ "apigateway:GET" ], "Resource": [ "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/restapis", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/restapis/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/apikeys", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/apikeys/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans/*/keys", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans/*/keys/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/restapis/*/stages", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/restapis/*/stages/*" ] }, { "Sid": "EnableFULL", "Effect": "Allow", "Action": [ "apigateway:DELETE", "apigateway:PUT", "apigateway:PATCH", "apigateway:POST" ], "Resource": [ "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/apikeys", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/apikeys/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans/*/keys", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/usageplans/*/keys/*", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/restapis/*/stages", "arn:aws:apigateway:%YOUR_GATEWAY_REGION%::/restapis/*/stages/*" ] } ] }

    The edited JSON must not contain any %YOUR_GATEWAY_REGION% placeholders after edit and the Resource list should look something like (our example region is eu-central-1). This step is crucial to connect to the Amazon Gateway properly.

    ... "Resource": [ "arn:aws:apigateway:eu-central-1::/apikeys", "arn:aws:apigateway:eu-central-1::/apikeys/*", ... `

  4. Create a policy with a meaningful name, which will help to find it later. Lets call it: "ApiableApiGatewayMgmt".

  5. Paste the edited JSON content from Step. 3 into the AWS JSON edit UI and save it.

  6. Now go to roles and created a new "Custom Trust Policy" role with a meaningful name, which will help to find it later. Lets call it: "ApiableApiGatewayMgmt". Put the following content into custom trust policy JSON UI, which will allow our Apiable account (034444869755) to assume role on your behalf:

    { "Version": "2012-10-17", "Statement": [ { "Sid": "Statement1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::034444869755:root" }, "Action": "sts:AssumeRole" } ] }

  7. Navigate in to freshly created role from step 6 and link the permission policy, which we created in the step 3-5, to this role

  8. Once created navigate to the role and Copy&Paste the Role ARN into the dashboard Amazon Gateway configuration. It should look something like:

    arn:aws:iam::%YOUR_AWS_ACCOUNT_ID%:role/ApiableApiGatewayMgmt `

  9. Make sure your API is deployed and has a Stage. A precondition to creating a new Usage Plan is that you'll need to deploy the API and have a Stage set up in advance. If you don't already have a Stage for this API then follow these instructions

  10. Select how you wish to Authorize access to your APIs.

  11. Hit the “Test” button, if all is well you should see “Connected”

  12. Save your changes and start using your Amazon Gateway!

If you receive a CORS error when trying out the API in the portal try-out console, you may need to enable CORS in the Amazon API Gateway.

Did this answer your question?