If I have an API with a defaultAuthorizationType of AWS_IAM that makes it so my API can’t be accessed by any random person. At least that’s how I understand it. Its set up like below:

// Create a HTTP API
    const api = new sst.Api(this, "Api", {
      defaultAuthorizationType: "AWS_IAM",
      defaultFunctionProps: {
        environment: {
          TABLE_NAME: myCoolTable.tableName,
        },
      },
      // prettier-ignore
      routes: {
        "GET      /someAuthRoute":     "src/doTheThing.main",
        "POST     /newsletter-signup":   "src/newsletterSignUp.main" // I want this to be accessibly just from <http://www.myCoolDomain.com|www.myCoolDomain.com>
      },
    });

    api.attachPermissions([myCoolTable]);

    const auth = new sst.Auth(this, "Auth", {
      cognito: {
        userPool: {
          signInAliases: { email: true },
        },
      },
    });

    auth.attachPermissionsForAuthUsers([
      // Allow access to the API
      api,
    ]);

Now, I’d like my domain to be able to post to

/newsletter-signup

and add someone to the table. But the way I have the table set you need to be logged in. And what I want is anyone to be able to sign up. I “could” just make another API and table, but it seems like there’s probably a better way?

You can override the authorisation for a specific route using:

authorizationType: sst.ApiAuthorizationType.NONE

Thanks! It works!