
Package: Invicti AppSec Core (on-demand)

Amazon API Gateway

Invicti AppSec Core can connect to Amazon API Gateway using AWS IAM role assumption to automatically import Swagger 2 and OpenAPI 3 specifications into your API catalog.

This document explains how to configure the IAM role permissions and set up the Amazon API Gateway source in Invicti AppSec Core.

Why this matters

If your APIs are deployed on Amazon API Gateway, you already have a central registry of what's exposed. Connecting it to Invicti AppSec Core means your API catalog stays in sync automatically, so every new API you deploy is available for security scanning without any manual tracking.

Prerequisites

Before you begin, make sure your AWS IAM role has the following permissions:

  • sts:AssumeRole
  • sts:GetAccessKeyInfo
  • sts:GetCallerIdentity
  • apigateway:GET

Step 1: Update IAM role permissions

  1. In the AWS Console, go to IAM > Roles.

  2. Select the role you want Invicti AppSec Core to use.

  3. Go to the Trust relationships tab and click Edit trust policy.

  4. Add a new statement that grants sts:AssumeRole access. Use the ARN format:

     arn:aws:iam::<ACCOUNT_ID>:role/<ROLE>

  5. Save the updated trust policy.
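As an added example (not Invicti's own code or tooling), the following builds the two policy documents from Step 1 and the prerequisites list, and checks a trust policy before you save it: the grant must exist for exactly the one role ARN, and principals such as "*" or an account root are flagged as broader than the page calls for. The account ID and role name are constructed placeholders; the principal Invicti actually assumes from is shown in the product.

```python
"""Build and sanity-check the IAM policy documents for connecting
Invicti AppSec Core to Amazon API Gateway (added example, not Invicti code)."""
import json
import re

# The four permissions listed under Prerequisites.
REQUIRED_ACTIONS = {"sts:AssumeRole", "sts:GetAccessKeyInfo",
                    "sts:GetCallerIdentity", "apigateway:GET"}
# ARN format from Step 1: arn:aws:iam::<ACCOUNT_ID>:role/<ROLE>
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def trust_policy(trusted_role_arn: str) -> dict:
    """Trust policy statement granting sts:AssumeRole to one role ARN."""
    if not ROLE_ARN_RE.match(trusted_role_arn):
        raise ValueError(f"not an IAM role ARN: {trusted_role_arn}")
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": trusted_role_arn},
        "Action": "sts:AssumeRole"}]}


def permissions_policy() -> dict:
    """Identity policy granting exactly the four prerequisite actions."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": sorted(REQUIRED_ACTIONS),
        "Resource": "*"}]}


def trust_policy_findings(policy: dict, expected_arn: str) -> list:
    """Problems to fix before saving: missing grant, or a principal
    broader than the single role the page asks for."""
    findings, granted = [], False
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or not (
                {"sts:AssumeRole", "sts:*"} & set(actions)):
            continue
        principal = st.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p == "*" or p.endswith(":root"):
                findings.append(f"overly broad principal: {p}")
            elif p == expected_arn:
                granted = True
    if not granted:
        findings.append(f"no Allow sts:AssumeRole for {expected_arn}")
    return findings


if __name__ == "__main__":  # constructed placeholder ARN
    arn = "arn:aws:iam::123456789012:role/InvictiAppSecCore"
    print(json.dumps(trust_policy(arn), indent=2))
    print(trust_policy_findings(trust_policy(arn), arn))  # []
```

The permissions policy keeps Resource "*" because the page lists only action names; narrowing apigateway:GET to the API Gateway ARNs of the regions you select in Step 2 is a further tightening the page does not describe.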

Step 2: Configure Amazon API Gateway in Invicti AppSec Core

  1. Select Discovery > API sources from the left-side menu.

  2. Click Add source.

  3. Select the Amazon API Gateway source type card.

  4. Click Continue.

  5. Paste the IAM role ARN in the Assume role field.

  6. Enter the stage names where your APIs are deployed.

     Note: Stage names are required. If you don't enter stage names, APIs aren't fully imported into the catalog.

  7. Select the AWS regions where your APIs are deployed.

  8. Click Authenticate and save.

Step 3: Synchronize

To run an immediate sync, click the sync icon next to the source on the API sources page.

Invicti AppSec Core automatically synchronizes with Amazon API Gateway every 24 hours.
