How to invalidate API Gateway Cache

To invalidate an existing cache entry of a request and retrieve the latest data from the integration endpoint, one must send the request together with the Cache-Control: max-age=0 header. If the recipient is authorized to communicate directly to the integration endpoint, then the integration endpoint will respond with the latest data for the request. This also replaces the existing cache entry with the new response.

The IAM Policy that grants a client to invalidate the cache follows:

  "Version": "2012-10-17",
  "Statement": [
      "Effect": "Allow",
      "Action": [
      "Resource": [ "arn:aws:execute-api:region:account-id:api-id/stage-name/GET/resource-path-specifier"

An alternative option for requiring authorization, aside from using the policy above, is to place a checkmark on Require Authorization checkbox. This checkbox can be seen in the Settings tab of your Deployment stage, after you enable API caching. 

IT Certification Category (English)728x90

API Gateway Cache

If you have enabled caching and authorization, you can also configure how unauthorized requests are handled:

API Gateway Cache

  • Fail the request with 403 status code: returns a 403 Unauthorized response.
  • Ignore cache control header; Add a warning in response header: process the request and add a warning header in the response.
  • Ignore cache control header: process the request and do not add a warning header in the response.



AWS Certifications are consistently among the top paying IT certifications in the world, considering that Amazon Web Services is the leading cloud services platform with almost 50% market share! Earn over $150,000 per year with an AWS certification!

Subscribe to our newsletter and notifications for more helpful AWS cheat sheets and study guides like this and answer as many AWS practice exams as you can.🙂