Serverless Stack

Hey <@U02JWHEC5PS>, just to clarify, r u using IAM authorization for ur Api, and you want to configure who can invoke the Api?

trying to only allow access from select IPs

only allow ppl from certain IPs to be able to call the Api?

If you are using the `Auth` construct, and If you are using `IAM` authorizer for your Api, and If you are trying to allow access from select IPs to invoke ur Api, you can try this:
```const auth = new Auth(this, "Auth", { ... });

auth.attachPermissionsForAuthUsers([
  // The two PolicyStatements you shared above
  new iam.PolicyStatement({ ... }),
  new iam.PolicyStatement({ ... }),
]);```

not quite. im trying to only allow a third party service access to specific api gateways

It seems API Gateway HTTP Api (used by sst.Api) does not support resource policy

<https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html>