Posted On: Mar 26, 2021
You can now use IAM condition keys as part of IAM and Service Control Policies (SCPs) to centrally govern endpoint, authorization, and logging configurations for your APIs in API Gateway.
Using condition keys provided by API Gateway, you can enforce policies across all APIs in your organization, such as no public API is created, all API routes are protected with an authorizer, or that the required TLS version is used across all your custom domain names. You can centrally manage policies for all the Amazon Web Services accounts in your organization by using condition keys as part of SCPs (Service Control Policies) in Amazon Organizations.
The new condition keys provided by API Gateway can be used for HTTP, REST, and WebSocket APIs in Amazon Web Services China (Beijing) Region, operated by Sinnet and Amazon Web Services China (Ningxia) Region, operated by NWCD.
To learn more about how to use the new condition keys for API Gateway, see Identity-based policy examples in the API Gateway Developer Guide. To learn more about using IAM condition keys, see IAM JSON Policy Elements: Condition in the IAM User Guide.