diff --git a/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown b/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown
index 2158106d1a..f723a296d6 100644
--- a/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown
+++ b/website/source/docs/providers/aws/r/api_gateway_integration.html.markdown
@@ -82,7 +82,9 @@ resource "aws_lambda_permission" "apigw_lambda" {
 action = "lambda:InvokeFunction"
 function_name = "${aws_lambda_function.lambda.arn}"
 principal = "apigateway.amazonaws.com"
- source_arn = "arn:aws:execute-api:${var.myregion}:${var.accountId}:${aws_api_gateway_rest_api.api.id}/*/${aws_api_gateway_method.method.http_method}/"
+
+ # More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html
+ source_arn = "arn:aws:execute-api:${var.myregion}:${var.accountId}:${aws_api_gateway_rest_api.api.id}/*/${aws_api_gateway_method.method.http_method}/resourcepath/subresourcepath"
 }

 resource "aws_lambda_function" "lambda" {
diff --git a/website/source/docs/providers/aws/r/lambda_permission.html.markdown b/website/source/docs/providers/aws/r/lambda_permission.html.markdown
index dddcc5de6c..0bbd548599 100644
--- a/website/source/docs/providers/aws/r/lambda_permission.html.markdown
+++ b/website/source/docs/providers/aws/r/lambda_permission.html.markdown
@@ -119,6 +119,8 @@ EOF
 e.g. `arn:aws:lambda:aws-region:acct-id:function:function-name:2`
 * `source_account` - (Optional) The AWS account ID (without a hyphen) of the source owner.
 * `source_arn` - (Optional) When granting Amazon S3 or CloudWatch Events permission to
- invoke your function, you should specify this field with the Amazon Resource Name (ARN)
- for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events
- generated from the specified bucket or rule can invoke the function.
+ invoke your function, you should specify this field with the Amazon Resource Name (ARN)
+ for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events
+ generated from the specified bucket or rule can invoke the function.
+ API Gateway ARNs have a unique structure described
+ [here](http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html).