Status: IN
API Gateway REST APIs support six access control mechanisms: resource policies, IAM roles/policies, IAM tags, Lambda authorizers, Cognito user pools, and VPC endpoint policies.
Source: entries/2026/03/11/apigateway-latest-developerguide-apigateway-control-access-to-apihtml.md