I'm wanting to call an AWS API Gateway endpoint which has Authorization set to AWS_IAM from an executing AWS Lambda who's execution role has permission to execute that API Gateway.
Is there anyway for me to sign the HTTPS request to API Gateway using the current execution role of my Lambda?
Edit:
Looking at http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html, I may be able to call AssumeRole using the SDK to assume the role which has permissions to execute Api Gateway, and then extract the secret key which can be used to sign the requests.
The credentials for lambda's execution role can be retrieved from environment variables - AWS_SESSION_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY.
You can use the above credentials to sign the requests. The docs for signing are here http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html. You can also look at third party libraries that do this.
Note that since you have session token you'll need to handle it as described here http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html#RequestWithSTS