I am attempting to update a resource policy on my API Gateway instance via the CLI and I can't seem to find the right syntax for the JSON. In the documentation it says to use "patch-operations", and from what I understand, it needs a string of JSON for the policy. I have tried minified JSON, escaped JSON, single quotes, no quotes, and nothing seems to work. The documentation doesn't have an example of actual JSON in the value field for patch-operations, so I feel kind of lost.
I have been trying variations of this command:
aws apigateway update-rest-api --rest-api-id abcde123 --patch-operations op=replace,path=/policy,value='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"execute-api:Invoke","Resource":"arn:aws:execute-api:region:000000000000:*"},{"Effect":"Deny","Principal":"*","Action":"execute-api:Invoke","Resource":"arn:aws:execute-api:region:000000000000:*","Condition":{"StringNotEquals":{"aws:SourceVpce":["vpce-123456789","vpce-987654321"]}}}]}'
I get an error every time saying:
Error parsing parameter '--patch-operations': Expected: '=', received: '{' for input:
Pertinent documentation here.
The following command has been tested against my environment (using bash):
aws apigateway update-rest-api --rest-api-id "$REST_API_ID" --patch-operations op=replace,path=/policy,value='"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:region:000000000000:*\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:region:000000000000:*\",\"Condition\":{\"StringNotEquals\":{\"aws:SourceVpce\":[\"vpce-123456789\",\"vpce-987654321\"]}}}]}"' --region "$REGION"
The key is to convert the JSON object into stringified text; I have used this site. Basically, paste your JSON into the input text box and copy the stringified text into the AWS CLI command.
More info here.
Here is an answer for a situation when you have a policy in a file, e.g. policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:region:000000000000:*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:region:000000000000:*",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": [
            "vpce-123456789",
            "vpce-987654321"
          ]
        }
      }
    }
  ]
}
Then you can stringify it using jq (the command substitution is double-quoted so that the "*" characters in the policy are not subject to shell glob expansion):
aws apigateway update-rest-api \
  --rest-api-id <api-id> \
  --patch-operations op=replace,path=/policy,value="$(jq tostring policy.json)"
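Both answers do the same thing by hand: the resource policy has to be embedded as a JSON string inside the patch operation, and the shorthand parser trips on a bare "{" (hence the "Expected: '=', received: '{'" error in the question). The escaping can instead be left to a JSON library, and the AWS CLI accepts --patch-operations in JSON syntax as an alternative to shorthand. The following is an added example, not code from the question or from either answer; the API id, region and policy are constructed placeholders in the same shape as the question's, and the VPC-endpoint check and the dry-run helper are this example's own additions.

```python
"""Build --patch-operations for `aws apigateway update-rest-api` from a policy
dict, letting the JSON library do the escaping. Added example; the API id,
region and policy are constructed placeholders."""
import json
import shlex
import subprocess

# Constructed sample policy, same shape as the one in the question: allow
# execute-api:Invoke from anywhere, then deny it unless the call arrives
# through one of the listed VPC endpoints.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "arn:aws:execute-api:region:000000000000:*"},
        {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "arn:aws:execute-api:region:000000000000:*",
         "Condition": {"StringNotEquals": {
             "aws:SourceVpce": ["vpce-123456789", "vpce-987654321"]}}},
    ],
}


def build_patch_operations(policy: dict, op: str = "replace") -> str:
    """Return the --patch-operations argument in JSON syntax (not shorthand).

    The policy travels as a *string* inside the operation, so it is serialised
    once on its own (compact form), then the whole list is serialised again;
    the second json.dumps escapes the inner quotes, which is what the
    stringifier site and `jq tostring` in the answers do by hand.
    """
    policy_text = json.dumps(policy, separators=(",", ":"))
    return json.dumps([{"op": op, "path": "/policy", "value": policy_text}])


def policy_from_patch_operations(patch_ops: str) -> dict:
    """Inverse of build_patch_operations: decode what the CLI would send,
    as a pre-flight check that the escaping round-trips."""
    (op,) = json.loads(patch_ops)  # exactly one operation expected
    if op["path"] != "/policy":
        raise ValueError(f"unexpected patch path {op['path']!r}")
    return json.loads(op["value"])


def vpce_endpoints(policy: dict) -> list:
    """VPC endpoint ids that the policy's Deny statements pin access to.

    An empty list means the Allow-from-anywhere statement is unrestricted,
    i.e. the API would be callable from the public internet.
    """
    found = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny":
            continue
        vpces = stmt.get("Condition", {}).get("StringNotEquals", {}).get(
            "aws:SourceVpce", [])
        found.extend([vpces] if isinstance(vpces, str) else vpces)
    return sorted(set(found))


def update_rest_api_argv(rest_api_id: str, policy: dict, region: str) -> list:
    """argv for subprocess: no shell in between, so no second layer of quoting."""
    return [
        "aws", "apigateway", "update-rest-api",
        "--rest-api-id", rest_api_id,
        "--region", region,
        "--patch-operations", build_patch_operations(policy),
    ]


def run_update(rest_api_id: str, policy: dict, region: str,
               dry_run: bool = True) -> str:
    """Apply the policy, or (dry_run) return the equivalent shell-quoted command.

    Refuses to push a policy with no aws:SourceVpce restriction, since for a
    private API that would silently open the Allow-* statement to everyone.
    """
    if not vpce_endpoints(policy):
        raise ValueError("policy has no aws:SourceVpce restriction; refusing")
    argv = update_rest_api_argv(rest_api_id, policy, region)
    if dry_run:
        return shlex.join(argv)
    return subprocess.run(argv, check=True, capture_output=True,
                          text=True).stdout


if __name__ == "__main__":
    # Dry run: prints a copy-pasteable command with the escaping already done.
    print(run_update("abcde123", SAMPLE_POLICY, "us-east-1", dry_run=True))
```

The dry run prints the fully quoted command line, which is a convenient way to see what the shorthand form in the answers is equivalent to. Note that API Gateway applies a changed resource policy to callers only after the API is deployed again, so the update-rest-api call by itself does not change what a stage accepts.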