In my API Gateway I authenticate the users with an authorizer lambda which validates Cognito JWT tokens. Despite having a customized flow which is not relying on API Keys, I want to enable usage plan enforcement by the API Gateway. How do I do that? Nothing I did so far had worked.
What have I tried so far?
I am generating a policy like this:
{
"principalId": "testuser",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": [
"arn:aws:execute-api:eu-central-1:<accountnr>:<sth>/test/GET/*"
]
}
]
},
"context": {
"attribute1": "value1",
"attribute2": "value2"
},
"usageIdentifierKey": "<api key>"
}
I have API key source set to Authorizer.
According to documentation I need to specify the attribute usageIdentifierKey if I want to use a usage plan assigned to the specified API key.
It does not work no matter if:
- The attribute
usageIdentifierKeyis not present. - The attribute
usageIdentifierKeyvalue is set to the API key id/value/name/...
Stupid me. I forgot to deploy the usage plan into the stage. After the deployment everything works. I will leave it here for future generations.