[ aws . apigateway ]
update-method
--rest-api-id <value>
--resource-id <value>
--http-method <value>
[--patch-operations <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]
--rest-api-id
(string)
The string identifier of the associated RestApi.
--resource-id
(string)
The Resource identifier for the Method resource.
--http-method
(string)
The HTTP verb of the Method resource.
--patch-operations
(list)
For more information about supported patch operations, see Patch Operations .
(structure)
For more information about supported patch operations, see Patch Operations .
op -> (string)
An update operation to be performed with this PATCH request. The valid value can be add, remove, replace or copy. Not all valid operations are supported for a given resource. Support of the operations depends on specific operational contexts. Attempts to apply an unsupported operation on a resource will return an error message..path -> (string)
The op operation’s target, as identified by a JSON Pointer value that references a location within the targeted resource. For example, if the target resource has an updateable property of {“name”:”value”}, the path for this property is /name. If the name property value is a JSON object (e.g., {“name”: {“child/name”: “child-value”}}), the path for the child/name property will be /name/child~1name. Any slash (“/”) character appearing in path names must be escaped with “~1”, as shown in the example above. Each op operation can have only one path associated with it.value -> (string)
The new target value of the update operation. It is applicable for the add or replace operation. When using AWS CLI to update a property of a JSON value, enclose the JSON object with a pair of single quotes in a Linux shell, e.g., ‘{“a”: …}’.from -> (string)
The copy update operation’s source as identified by a JSON-Pointer value referencing the location within the targeted resource to copy the value from. For example, to promote a canary deployment, you copy the canary deployment ID to the affiliated deployment ID by calling a PATCH request on a Stage resource with “op”:”copy”, “from”:”/canarySettings/deploymentId” and “path”:”/deploymentId”.
Shorthand Syntax:
op=string,path=string,value=string,from=string ...
JSON Syntax:
[
{
"op": "add"|"remove"|"replace"|"move"|"copy"|"test",
"path": "string",
"value": "string",
"from": "string"
}
...
]
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command’s default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
--cli-binary-format
(string)
The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob fileb://
will always be treated as binary and use the file contents directly regardless of the cli-binary-format
setting. When using file://
the file contents will need to properly formatted for the configured cli-binary-format
.
--no-cli-pager
(boolean)
Disable cli pager for output.
--cli-auto-prompt
(boolean)
Automatically prompt for CLI input parameters.
--no-cli-auto-prompt
(boolean)
Disable automatically prompt for CLI input parameters.
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
Example 1: To modify a method to require an API key
The following update-method
example modifies the method to require an API key.
aws apigateway update-method \
--rest-api-id 1234123412 \
--resource-id a1b2c3 \
--http-method GET \
--patch-operations op="replace",path="/apiKeyRequired",value="true"
Output:
{
"httpMethod": "GET",
"authorizationType": "NONE",
"apiKeyRequired": true,
"methodResponses": {
"200": {
"statusCode": "200",
"responseModels": {}
}
},
"methodIntegration": {
"type": "AWS",
"httpMethod": "POST",
"uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789111:function:hello-world/invocations",
"passthroughBehavior": "WHEN_NO_MATCH",
"contentHandling": "CONVERT_TO_TEXT",
"timeoutInMillis": 29000,
"cacheNamespace": "h7i8j9",
"cacheKeyParameters": [],
"integrationResponses": {
"200": {
"statusCode": "200",
"responseTemplates": {}
}
}
}
}
Example 2: To modify a method to require IAM authorization
The following update-method
example modifies the method to require IAM authorization.
aws apigateway update-method \
--rest-api-id 1234123412 \
--resource-id a1b2c3 \
--http-method GET \
--patch-operations op="replace",path="/authorizationType",value="AWS_IAM"
Output:
{
"httpMethod": "GET",
"authorizationType": "AWS_IAM",
"apiKeyRequired": false,
"methodResponses": {
"200": {
"statusCode": "200",
"responseModels": {}
}
},
"methodIntegration": {
"type": "AWS",
"httpMethod": "POST",
"uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789111:function:hello-world/invocations",
"passthroughBehavior": "WHEN_NO_MATCH",
"contentHandling": "CONVERT_TO_TEXT",
"timeoutInMillis": 29000,
"cacheNamespace": "h7i8j9",
"cacheKeyParameters": [],
"integrationResponses": {
"200": {
"statusCode": "200",
"responseTemplates": {}
}
}
}
}
Example 3: To modify a method to require Lambda authorization
The following update-method
example modifies the method to required Lambda authorization.
aws apigateway update-method --rest-api-id 1234123412 \
--resource-id a1b2c3 \
--http-method GET \
--patch-operations op="replace",path="/authorizationType",value="CUSTOM" op="replace",path="/authorizerId",value="e4f5g6"
Output:
{
"httpMethod": "GET",
"authorizationType": "CUSTOM",
"authorizerId" : "e4f5g6",
"apiKeyRequired": false,
"methodResponses": {
"200": {
"statusCode": "200",
"responseModels": {}
}
},
"methodIntegration": {
"type": "AWS",
"httpMethod": "POST",
"uri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789111:function:hello-world/invocations",
"passthroughBehavior": "WHEN_NO_MATCH",
"contentHandling": "CONVERT_TO_TEXT",
"timeoutInMillis": 29000,
"cacheNamespace": "h7i8j9",
"cacheKeyParameters": [],
"integrationResponses": {
"200": {
"statusCode": "200",
"responseTemplates": {}
}
}
}
}
For more information, see Create, configure, and test usage plans using the API Gateway CLI and REST API and Controlling and managing access to a REST API in API Gateway in the Amazon API Gateway Developer Guide.
httpMethod -> (string)
The method’s HTTP verb.
authorizationType -> (string)
The method’s authorization type. Valid values areNONE
for open access,AWS_IAM
for using AWS IAM permissions,CUSTOM
for using a custom authorizer, orCOGNITO_USER_POOLS
for using a Cognito user pool.
authorizerId -> (string)
The identifier of an Authorizer to use on this method. TheauthorizationType
must beCUSTOM
.
apiKeyRequired -> (boolean)
A boolean flag specifying whether a valid ApiKey is required to invoke this method.
requestValidatorId -> (string)
The identifier of a RequestValidator for request validation.
operationName -> (string)
A human-friendly operation identifier for the method. For example, you can assign theoperationName
ofListPets
for theGET /pets
method in thePetStore
example.
requestParameters -> (map)
A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of
method.request.{location}.{name}
, wherelocation
isquerystring
,path
, orheader
andname
is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (true
) or optional (false
). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates.key -> (string)
value -> (boolean)
requestModels -> (map)
A key-value map specifying data schemas, represented by Model resources, (as the mapped value) of the request payloads of given content types (as the mapping key).
key -> (string)
value -> (string)
methodResponses -> (map)
Gets a method response associated with a given HTTP status code.
key -> (string)
value -> (structure)
Represents a method response of a given HTTP status code returned to the client. The method response is passed from the back end through the associated integration response that can be transformed using a mapping template.
statusCode -> (string)
The method response’s status code.responseParameters -> (map)
A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern
method.response.header.{name}
, wherename
is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to the mapping you prescribe in the API’s IntegrationResponse. The integration response data that can be mapped include an integration response header expressed inintegration.response.header.{name}
, a static value enclosed within a pair of single quotes (e.g.,'application/json'
), or a JSON expression from the back-end response payload in the form ofintegration.response.body.{JSON-expression}
, whereJSON-expression
is a valid JSON expression without the$
prefix.)key -> (string)
value -> (boolean)
responseModels -> (map)
Specifies the Model resources used for the response’s content-type. Response models are represented as a key/value map, with a content-type as the key and a Model name as the value.
key -> (string)
value -> (string)
methodIntegration -> (structure)
Gets the method’s integration responsible for passing the client-submitted request to the back end and performing necessary transformations to make the request compliant with the back end.
type -> (string)
Specifies an API method integration type. The valid value is one of the following:
For the HTTP and HTTP proxy integrations, each integration can specify a protocol (
http/https
), port and path. Standard 80 and 443 ports are supported as well as custom ports above 1024. An HTTP or HTTP proxy integration with aconnectionType
ofVPC_LINK
is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.httpMethod -> (string)
Specifies the integration’s HTTP method type. For the Type property, if you specifyMOCK
, this property is optional. For Lambda integrations, you must set the integration method toPOST
. For all other types, you must specify this property.uri -> (string)
Specifies Uniform Resource Identifier (URI) of the integration endpoint.
For
HTTP
orHTTP_PROXY
integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. IfconnectionType
isVPC_LINK
specify the Network Load Balancer DNS name. ForAWS
orAWS_PROXY
integrations, the URI is of the formarn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}
. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated Amazon Web Services service (e.g., s3); and {subdomain} is a designated subdomain supported by certain Amazon Web Services service for fast host-name lookup. action can be used for an Amazon Web Services service action-based API, using an Action={name}&{p1}={v1}&p2={v2}… query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an Amazon Web Services service path-based API. The ensuing service_api refers to the path to an Amazon Web Services service resource, including the region of the integrated Amazon Web Services service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be eitherarn:aws:apigateway:us-west-2:s3:action/GetObject&Bucket={bucket}&Key={key}
orarn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}
connectionType -> (string)
The type of the network connection to the integration endpoint. The valid value isINTERNET
for connections through the public routable internet orVPC_LINK
for private connections between API Gateway and a network load balancer in a VPC. The default value isINTERNET
.connectionId -> (string)
The ID of the VpcLink used for the integration whenconnectionType=VPC_LINK
and undefined, otherwise.credentials -> (string)
Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role’s Amazon Resource Name (ARN). To require that the caller’s identity be passed through from the request, specify the stringarn:aws:iam::\*:user/\*
. To use resource-based permissions on supported Amazon Web Services services, specify null.requestParameters -> (map)
A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. The method request parameter value must match the pattern of
method.request.{location}.{name}
, wherelocation
isquerystring
,path
, orheader
andname
must be a valid and unique method request parameter name.key -> (string)
value -> (string)
requestTemplates -> (map)
Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value.
key -> (string)
value -> (string)
passthroughBehavior -> (string)
Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified inrequestTemplates
. The valid value is one of the following:WHEN_NO_MATCH
: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request.WHEN_NO_TEMPLATES
: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response.NEVER
: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request.contentHandling -> (string)
Specifies how to handle request payload content type conversions. Supported values are
CONVERT_TO_BINARY
andCONVERT_TO_TEXT
, with the following behaviors:If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the
passthroughBehavior
is configured to support payload pass-through.timeoutInMillis -> (integer)
Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds.cacheNamespace -> (string)
Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as thecacheNamespace
. You can specify the samecacheNamespace
across resources to return the same cached data for requests to different resources.cacheKeyParameters -> (list)
A list of request parameters whose values API Gateway caches. To be valid values for
cacheKeyParameters
, these parameters must also be specified for MethodrequestParameters
.(string)
integrationResponses -> (map)
Specifies the integration’s responses.
key -> (string)
value -> (structure)
Represents an integration response. The status code must map to an existing MethodResponse, and parameters and templates can be used to transform the back-end response.
statusCode -> (string)
Specifies the status code that is used to map the integration response to an existing MethodResponse.selectionPattern -> (string)
Specifies the regular expression (regex) pattern used to choose an integration response based on the response from the back end. For example, if the success response returns nothing and the error response returns some string, you could use the.+
regex to match error response. However, make sure that the error response does not contain any newline (\n
) character in such cases. If the back end is an Lambda function, the Lambda function error header is matched. For all other HTTP and Amazon Web Services back ends, the HTTP status code is matched.responseParameters -> (map)
A key-value map specifying response parameters that are passed to the method response from the back end. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of
method.response.header.{name}
, wherename
is a valid and unique header name. The mapped non-static value must match the pattern ofintegration.response.header.{name}
orintegration.response.body.{JSON-expression}
, wherename
is a valid and unique response header name andJSON-expression
is a valid JSON expression without the$
prefix.key -> (string)
value -> (string)
responseTemplates -> (map)
Specifies the templates used to transform the integration response body. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
key -> (string)
value -> (string)
contentHandling -> (string)
Specifies how to handle response payload content type conversions. Supported values are
CONVERT_TO_BINARY
andCONVERT_TO_TEXT
, with the following behaviors:If this property is not defined, the response payload will be passed through from the integration response to the method response without modification.
tlsConfig -> (structure)
Specifies the TLS configuration for an integration.
insecureSkipVerification -> (boolean)
Specifies whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a supported certificate authority. This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate’s expiration date, hostname, and presence of a root certificate authority. Supported only for
HTTP
andHTTP_PROXY
integrations.Warning
EnablinginsecureSkipVerification
isn’t recommended, especially for integrations with public HTTPS endpoints. If you enableinsecureSkipVerification
, you increase the risk of man-in-the-middle attacks.
authorizationScopes -> (list)
A list of authorization scopes configured on the method. The scopes are used with a
COGNITO_USER_POOLS
authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide an access token instead of an identity token for authorization purposes.(string)