Open ryan-roemer opened 5 years ago
Note from @tptee
For future reference, you might be able to lock this down with resource policies (I've done so for a private endpoint but I think it works for any endpoint type): https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies-create-attach.html
Our APIGW IAM ARNs are presently:
with wildcards because they don't correspond to predictable names. You only get the name after your do a sls deploy, which present s a chicken-vs-egg problem.
Task
terraform apply
with new variable that limits this more from sls