I have an API that secures endpoints by JWT by default. I have an external app (Salesforce) that will push sync messages, basically a POST with a data payload. I want to have a single endpoint to receive these secured by IAM credentials (Access Key and Secret Key), as that appears to be the best mechanism from within Salesforce to call APIs on AWS. I can't tell from the SST docs how to make that work. I see I can set an ApiAuthorizationType specific to one endpoint, but don't see how I make that a programmatic access key (or if I can automate creating that user account.) Any suggestions?

Hey @Trey Overton, so any IAM user/role with the

execute-api:Invoke

permission to the resource ARN

arn:aws:execute-api:${region}:${account}:${httpApiId}/*

will have permission to invoke this API.