Posted On: Mar 26, 2021

You can now use IAM condition keys as part of IAM and Service Control Policies (SCPs) to centrally govern endpoint, authorization, and logging configurations for your APIs in API Gateway.

Using condition keys provided by API Gateway, you can enforce policies across all APIs in your organization, such as ensuring that no public API is created, that all API routes are protected with an authorizer, or that the required TLS version is used across all your custom domain names. You can centrally manage policies for all the AWS accounts in your organization by using condition keys as part of SCPs in AWS Organizations.
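A sketch of what such an SCP can look like, as an added example that is not part of the original announcement: it denies REST API create or update requests that ask for a public endpoint type and denies custom domain name requests that ask for TLS 1.0. It assumes the condition keys `apigateway:Request/EndpointType` and `apigateway:Request/SecurityPolicy` with the values listed in the API Gateway Developer Guide; the `Sid` names and the all-Regions resource scope are choices made for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyNonPrivateRestApiEndpoints",
      "Effect": "Deny",
      "Action": ["apigateway:POST", "apigateway:PUT", "apigateway:PATCH"],
      "Resource": [
        "arn:aws:apigateway:*::/restapis",
        "arn:aws:apigateway:*::/restapis/*"
      ],
      "Condition": {
        "ForAnyValue:StringEquals": {
          "apigateway:Request/EndpointType": ["EDGE", "REGIONAL"]
        }
      }
    },
    {
      "Sid": "DenyTls10OnCustomDomainNames",
      "Effect": "Deny",
      "Action": ["apigateway:POST", "apigateway:PATCH"],
      "Resource": [
        "arn:aws:apigateway:*::/domainnames",
        "arn:aws:apigateway:*::/domainnames/*"
      ],
      "Condition": {
        "StringEquals": {
          "apigateway:Request/SecurityPolicy": "TLS_1_0"
        }
      }
    }
  ]
}
```

Both statements match only when the key is present in the request context, so verify in a test account how requests that omit the endpoint type or security policy are evaluated before relying on this as the sole control.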

The new condition keys provided by API Gateway can be used for HTTP, REST, and WebSocket APIs in all regions where Amazon API Gateway is available.

To learn more about how to use the new condition keys for API Gateway, see Identity-based policy examples in the API Gateway Developer Guide. To learn more about using IAM condition keys, see IAM JSON Policy Elements: Condition in the IAM User Guide.