I’m setting the api authorization_type to AWS_IAM which ultimately ends up creating an API Gateway with ALL HTTP methods having Authorization of AWS_IAM including OPTIONS
My React app is using AWS Amplify for connecting to the API Gateway resources. This works great because Amplify will sign the requests with the required AWS Sig4 info to satisfy the AWS_IAM authorization.
Amplify will send out an OPTIONS request prior to the GET/PUT/POST/DELETE you are actually trying to do and unfortunately the api DOES NOT sign that OPTIONS request.
Since OPTIONS also has AWS_IAM in front of it, this results in a 403 on that request and ultimately prevents moving on to the actual request the app is trying to make.
Need some help to either get something updated or help in moving in the correct direction a solution already exists.
Update Jets to set all OPTIONS to
Authorizer = NONE
Proably not a big deal…the OPTIONS resources are just MOCKs anyway.
Assuming there is a use case for OPTIONS to have AWS_IAM, sounds like some finer grain control over Authorizers is needed. As far as I can tell, right now, you can only set it globally.
Does finer grain control already exist?
Something else/better I’m not thinking of?