AWS Amplify set "API key required" to True for a path in an API Gateway REST API

[aranbit]

Amplify CLI Version

12.14.0

Question

I have an Amplify app that has an API Gateway REST API.
I created some that are used for users of the application with AWS_IAM authorization which works great, but I also created paths that I would like to give access to external users with an API Key and a Usage Plan.

I have configured everything from the console (the api key and the usage plan), but the issue I encountered is how do I set the "API key required" flag to true from the cli on specific paths, because when I do it manually and then make some other changes to the api using the Amplify CLI, when deployed it overrides the manual change...

How can I set that the "API key required" flag to True for specific paths in my REST API using the Amplify CLI or in a way that it won't be overriden?

[AnilMaktala]

Hey @aranbit, Thank you for bringing this up. Unfortunately, API key authentication for REST APIs is not supported. You can refer to this section of the documentation for the supported authentication methods. Additionally, a similar issue was raised previously—please check this ticket for more details. aws-amplify/amplify-cli#13454

[aranbit]

I see the similar ticket that the implementation looks to provide the functionality I need but it is in javascript, I'm using Flutter with Amplify Gen 1, so no CDK, how can I achieve this behavior to set the "API Required Flag" to "True" for the specifc functions, same as shown in the other ticket?

Below is the relevent implementation that I'm looking to do just with Flutter and AWS Amplify Gen 1:
**Also in my case its only to override adding API Key authorization to functions without AWS_IAM autorization (so not both)

// following defines the api expects the request to have a header with api key
resources.restApi.apiKeySourceType = "HEADER";
// the following defines a security schema/definition for the api to allow api key and iam path
  resources.restApi.body.securityDefinitions = {
    ...resources.restApi.body.securityDefinitions,
    "use-api-key-in-header": {
      type: "apiKey",
      name: "x-api-key",
      in: "header",
      "x-amazon-apigateway-api-key-source": "HEADER",
    },
    AWS_IAM: {
      type: "apiKey",
      name: "authorization",
      in: "header",
      "x-amazon-apigateway-authtype": "awsSigv4",
    },
  };
// following are rules we can use to define on a api paths
  const apikeySecurityRules = [{ "use-api-key-in-header": [] }];
  const iamSecurityRules = [{ AWS_IAM: [] }];

// example on adding the api key rule to the `/items` path with `options` type method 
resources.restApi.body.paths["/items"].options.security = apikeySecurityRules;

// example on adding the api key rule to the `/items` path with `any` type method 
resources.restApi.body.paths["/items"]["x-amazon-apigateway-any-method"].security = apikeySecurityRules;

// similarly we can also add a iam auth rule to a different path
resources.restApi.body.paths["/abc"].options.security = iamSecurityRules;

[AnilMaktala]

Hi @aranbit, Thank you for your response. you can try implementing the above solution by overriding the REST API using the CLI. You can refer to this section of the documentation for detailed guidance:

Overriding the API Gateway.

Let me know if this resolves your issue!