Add a Resource Policy for AWS API Gateway using CloudFormation

Alien
Mar 3, 2022

The following example adds a resource policy to an AWS API Gateway REST API using CloudFormation.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  AWS CloudFormation sample template that adds resource policy for AWS API Gateway
Resources:
  GreetingsAPI:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: greetings-api-internal
      Parameters:
        endpointConfigurationTypes: REGIONAL
      Policy:
        Version: '2012-10-17'
        Statement:
          # Allow invocation from the listed source ranges.
          - Effect: Allow
            Principal: "*"
            Action: execute-api:Invoke
            Resource:
              - arn:aws:execute-api:{region}:{aws-account}:{api-id}/*/*/*
            Condition:
              IpAddress:
                aws:SourceIp:
                  - 10.0.0.1/22
                  - 13.210.8.0/32
                  # 0.0.0.0/0 matches every IPv4 address; remove it to
                  # restrict access to the ranges listed above.
                  - 0.0.0.0/0
          # An explicit Deny overrides any matching Allow.
          - Effect: Deny
            Principal: "*"
            Action: execute-api:Invoke
            Resource:
              - arn:aws:execute-api:{region}:{aws-account}:{api-id}/*/*/*
            Condition:
              IpAddress:
                aws:SourceIp:
                  - 10.0.0.2/22
                  - 13.200.8.0/32

When you deploy it using the CloudFormation console, the policy shows up in the resource policy of the API, as shown below.

[Screenshot: resource policy added]

Please note: the above CloudFormation template only creates the API and adds the resource policy. You will need to add the methods, responses, deployment, stages, etc. to complete the template.
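To see which callers the two statements in the template actually admit, the following added example (not part of the original post) lints and evaluates the same `aws:SourceIp` lists. It assumes explicit Deny wins, no matching Allow means implicit deny, and host bits in a CIDR are masked off; `POLICY`, `lint` and `evaluate` are names made up for this sketch.

```python
import ipaddress

# The two statements from the template above, reduced to Effect + aws:SourceIp.
POLICY = [
    {"Effect": "Allow", "SourceIp": ["10.0.0.1/22", "13.210.8.0/32", "0.0.0.0/0"]},
    {"Effect": "Deny", "SourceIp": ["10.0.0.2/22", "13.200.8.0/32"]},
]


def _net(cidr):
    # Assumption: host bits are masked off, so 10.0.0.1/22 means 10.0.0.0/22.
    return ipaddress.ip_network(cidr, strict=False)


def lint(policy):
    """Return review findings for the source-IP lists in each statement."""
    findings = []
    for i, stmt in enumerate(policy):
        for cidr in stmt["SourceIp"]:
            net = _net(cidr)
            if net.prefixlen == 0 and stmt["Effect"] == "Allow":
                findings.append(f"statement {i}: Allow includes {cidr}, which matches every address")
            if str(net) != cidr:
                findings.append(f"statement {i}: {cidr} has host bits set, normalizes to {net}")
    return findings


def evaluate(policy, source_ip):
    """Explicit Deny wins; otherwise an Allow must match; otherwise implicit deny."""
    ip = ipaddress.ip_address(source_ip)

    def matches(effect):
        return any(ip in _net(c)
                   for s in policy if s["Effect"] == effect
                   for c in s["SourceIp"])

    if matches("Deny"):
        return "Deny"
    return "Allow" if matches("Allow") else "ImplicitDeny"


if __name__ == "__main__":
    for finding in lint(POLICY):
        print(finding)
    # Constructed sample callers, one per interesting case.
    for ip in ("198.51.100.7", "10.0.1.5", "13.200.8.0", "13.210.8.0"):
        print(ip, evaluate(POLICY, ip))
```

Under these assumptions the Allow entry `10.0.0.1/22` and the Deny entry `10.0.0.2/22` cover the same /22, so that range is denied, while `0.0.0.0/0` admits every other address not explicitly denied.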
