ResourcePolicyStatement

Configure Resource Policy for all methods and paths on an API.

Syntax

To declare this entity in your AWS SAM template, use the following syntax:

YAML

  [AwsAccountBlacklist](#sam-api-resourcepolicystatement-awsaccountblacklist): List
  [AwsAccountWhitelist](#sam-api-resourcepolicystatement-awsaccountwhitelist): List
  [CustomStatements](#sam-api-resourcepolicystatement-customstatements): List
  [IpRangeBlacklist](#sam-api-resourcepolicystatement-iprangeblacklist): List
  [IpRangeWhitelist](#sam-api-resourcepolicystatement-iprangewhitelist): List
  [SourceVpcBlacklist](#sam-api-resourcepolicystatement-sourcevpcblacklist): List
  [SourceVpcWhitelist](#sam-api-resourcepolicystatement-sourcevpcwhitelist): List

Properties

AwsAccountBlacklist
Resource policy statements are generated and attached to the API to blacklist the given list of AWS accounts.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

AwsAccountWhitelist
Resource policy statements are generated and attached to the API to whitelist the given list of AWS accounts.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

CustomStatements
A list of custom resource policy statements to attach to the API.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

IpRangeBlacklist
Resource policy statements are generated and attached to the API to blacklist the given list of IP addresses or ranges.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

IpRangeWhitelist
Resource policy statements are generated and attached to the API to whitelist the given list of IP addresses or ranges.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

SourceVpcBlacklist
Resource policy statements are generated and attached to the API to blacklist the given list of source VPCs or VPC endpoints.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

SourceVpcWhitelist
Resource policy statements are generated and attached to the API to whitelist the given list of source VPCs or VPC endpoints.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
See Also: See the AWS documentation for more information about this property.

Examples

SourceVpcBlacklist

Blacklisting a source VPC or VPC endpoint, alongside a custom statement, an IP range blacklist, and an AWS account whitelist

YAML

Auth:
  ResourcePolicy:
    CustomStatements: [{
                         "Effect": "Allow",
                         "Principal": "*",
                         "Action": "execute-api:Invoke",
                         "Resource": "execute-api:/Prod/PUT/get",
                         "Condition": {
                           "IpAddress": {
                             "aws:SourceIp": "1.2.3.4"
                           }
                         }
                       }]
    IpRangeBlacklist: ['10.20.30.40', '1.2.3.4']
    SourceVpcBlacklist: ["vpce-1a2b3c4d"]
    AwsAccountWhitelist: ['123456789101']
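
An added example (not part of the AWS SAM documentation or code): a pre-deployment check in Python that flags contradictory entries in an Auth.ResourcePolicy mapping, such as the custom Allow for 1.2.3.4 above, whose address is also listed in IpRangeBlacklist. It assumes blacklist entries become Deny statements, which take precedence over any Allow in AWS policy evaluation; lint_resource_policy, _nets and SAMPLE are names made up for this example.

```python
import ipaddress

# Constructed input: the page's example Auth.ResourcePolicy as a Python dict.
SAMPLE = {
    "CustomStatements": [{
        "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
        "Resource": "execute-api:/Prod/PUT/get",
        "Condition": {"IpAddress": {"aws:SourceIp": "1.2.3.4"}},
    }],
    "IpRangeBlacklist": ["10.20.30.40", "1.2.3.4"],
    "SourceVpcBlacklist": ["vpce-1a2b3c4d"],
    "AwsAccountWhitelist": ["123456789101"],
}

def _nets(values, findings, where):
    """Parse IPs/CIDRs into networks, recording entries that do not parse."""
    nets = []
    for v in [values] if isinstance(values, str) else values:
        try:
            nets.append(ipaddress.ip_network(v, strict=False))
        except ValueError:
            findings.append(f"{where}: invalid IP or CIDR {v!r}")
    return nets

def lint_resource_policy(policy):
    """Return findings for contradictory entries in an Auth.ResourcePolicy dict."""
    findings = []
    deny = _nets(policy.get("IpRangeBlacklist", []), findings, "IpRangeBlacklist")
    allow = _nets(policy.get("IpRangeWhitelist", []), findings, "IpRangeWhitelist")
    for a in allow:
        findings += [f"IpRangeWhitelist {a} overlaps IpRangeBlacklist {d}"
                     for d in deny if a.overlaps(d)]
    # The same account or VPC listed on both sides of a pair.
    for kind in ("AwsAccount", "SourceVpc"):
        black = set(map(str, policy.get(kind + "Blacklist", [])))
        white = set(map(str, policy.get(kind + "Whitelist", [])))
        findings += [f"{kind}: {v} is whitelisted and blacklisted"
                     for v in sorted(black & white)]
    # Custom Allow statements keyed on a source IP that the blacklist also covers.
    for i, stmt in enumerate(policy.get("CustomStatements", [])):
        if stmt.get("Effect") != "Allow":
            continue
        cond = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        for s in _nets(cond, findings, f"CustomStatements[{i}]"):
            findings += [f"CustomStatements[{i}]: Allow for {s} overlaps IpRangeBlacklist {d}"
                         for d in deny if s.overlaps(d)]
    return findings

if __name__ == "__main__":
    for finding in lint_resource_policy(SAMPLE):
        print(finding)
```

An empty result means the check found no conflicting entries; it does not evaluate the policy that SAM actually generates.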