1

Currently, this is how I am securing API gateway endpoints.

I set an API key and a usage plan and then for each endpoint:

"Endpoint > Method Request > API Key Required = true"

I would like to secure everything in the API this way. Is there a more convenient way to do it? Everything means all endpoints and all methods.

Eddy Alleman
  • 1,096
  • 2
  • 10
  • 21
misoka
  • 11
  • 1

2 Answers2

0

As per the AWS documentation here, API Keys are managed on a per method basis, and therefore cannot be applied at the resource or global API level.

hephalump
  • 5,860
  • 1
  • 22
  • 23
0

In this answer https://stackoverflow.com/a/70296022/2692914 I've put a script for the part that enables the API key for all methods of certain API.

Also, you can find the script to enable the API key for all methods of an API Gateway API on this gist.

lmiguelmh
  • 3,074
  • 1
  • 37
  • 53