Amazon_ApiGateway_4
When authorization Type is set to None any one with access to the APIGateway network can use it if the gateway is public anyone can use the API
From TF:
Set a authorizer to your api Gateway
resource “aws_api_gateway_method” “test” {
rest_api_id = aws_api_gateway_rest_api.this.id
resource_id = aws_api_gateway_resource.this.id
+ http_method = “…” # i.e “GET”, “PUT”, “OPTIONS”: if http_method != “OPTIONS”
+ authorization = “…” #authorization != “NONE”
# OR
+ http_method = “OPTIONS” # if http_method == “OPTIONS”
+ authorization = “NONE” # authorization = “NONE”
authorizer_id = aws_api_gateway_authorizer.this.id
}
References:
1.https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-to-api.html
