Operating Method of Routing Device, Routing Device, and Terminal Device
US-2017116048-A1 · Apr 27, 2017 · US
US12452244B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12452244-B2 |
| Application number | US-202117173584-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 11, 2021 |
| Priority date | Dec 18, 2014 |
| Publication date | Oct 21, 2025 |
| Grant date | Oct 21, 2025 |
Official abstract text for this publication.
A computing resource service provides flexible configuration of authorization rules. A set of authorization rules which define whether fulfillment of requests. The set of authorization rules are applied to a request of a first type which is mapped to a request of a second type. The request of the second type is used for fulfillment of the request of the first type when the authorization rules so allow.
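The flow summarized in the abstract and spelled out in claim 1 (verify the signed request, authorize it against the policy, then apply the request-mapping rules to produce the second request) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; HMAC-SHA256 stands in for the digital signature, and the key store, role table, policy layout and every name in it are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo data: key store, role table, policy shape and names are assumptions.
KEYS = {"alice": b"constructed-demo-key"}
ROLES = {"alice": "ReportReader"}
POLICY = {
    "authorized_role": "ReportReader",
    "authorized_operations": {"fetch-report"},
    # Request-mapping rules: customer operation -> second-syntax action and resource.
    "mapping": {"fetch-report": {"Action": "GetObject",
                                 "Resource": "storage:reports/{resource}"}},
}


def canonical(request):
    """Deterministic bytes of every field except the signature itself."""
    body = {k: v for k, v in request.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign(request, key):
    """HMAC-SHA256 stands in here for the request's digital signature."""
    return hmac.new(key, canonical(request), hashlib.sha256).hexdigest()


def handle(request, policy=POLICY):
    """Return the mapped second request, or raise PermissionError (fail closed)."""
    user, sig = request.get("user"), request.get("signature")
    key = KEYS.get(user) if isinstance(user, str) else None
    # 1. Verify the submitter before any policy is consulted.
    if key is None or not isinstance(sig, str) or not hmac.compare_digest(
            sign(request, key).encode(), sig.encode()):
        raise PermissionError("signature verification failed")
    # 2. Authorize: role constraint first, then the operation allow-list.
    if ROLES.get(user) != policy["authorized_role"]:
        raise PermissionError("role not authorized")
    op = request.get("op")
    if not isinstance(op, str) or op not in policy["authorized_operations"]:
        raise PermissionError("operation not authorized")
    # 3. Map: no rule means no request; the identifier must not escape the template.
    rule, res = policy["mapping"].get(op), request.get("resource")
    if rule is None or not isinstance(res, str) or not res or "/" in res or ".." in res:
        raise PermissionError("request cannot be mapped")
    return {"Action": rule["Action"], "Resource": rule["Resource"].format(resource=res)}
```

Because the signature covers the operation and resource fields, a request altered after signing is rejected at step 1, before the policy or the mapping rules are evaluated.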
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method, comprising: obtaining, from a user, a first application programming interface (API) request formatted in accordance with a customer-defined syntax that is formatted in a way that does not comply with a second syntax, the first API request being digitally signed and provided with a digital signature and comprising: a first identifier of a resource hosted by a service of a computing resource service provider for the user of the computing resource service provider; and a first representation of an operation to perform with respect to the resource; using data from the first API request to verify the user submitting the first API request including at least the digital signature of the first API request; as a result of verifying submission of the first API request, obtaining a policy, at the service hosted by the computing resource service provider, applicable to the first API request that indicates constraints for authorization of the first API request and comprises a set of request-mapping rules, the constraints for authorization including identifying an authorized role associated with one or more users including the user submitting the first API request; determining attributes of the first API request to utilize in connection with the policy; using the policy to determine one or more operations, based at least in part on the attributes, that are authorized to be performed by the user by comparing at least one operation associated with the first API request to authorized operations specified by the policy to determine if the at least one operation associated with the first API request is authorized; applying, at the service hosted by the computing resource service provider, the set of request-mapping rules to the obtained first API request to generate a second API request that complies with the second syntax of another service of the computing resource service provider and that comprises: a second identifier of the resource; and a second representation of the operation; and transmitting the second API request to the other service.
2. The computer-implemented method of claim 1, further comprising: verifying the user by at least processing one or more digital signatures associated with the first application programming interface (API) request.
3. The computer-implemented method of claim 1, wherein the constraints indicate authorization rules applicable to the first application programming interface (API) request to determine whether the user is able to access one or more resources hosted by the computing resource service provider.
4. The computer-implemented method of claim 1, wherein the first API request is a query request comprising query parameters.
5. The computer-implemented method of claim 1, further comprising configuring the service to allow a second user, executing an application hosted by the computing resource service provider, to submit an API call comprising the policy to the service, wherein the policy comprises one or more authorization rules applicable to one or more API requests.
6. A system, comprising: one or more processors; and memory with instructions that, as a result of being executed by the one or more processors, cause the system to: obtain a first application programming interface (API) request, from a principal, formatted in accordance with a customer-defined syntax and formatted in a way that is not compatible with a second syntax of another service of a computing resource service provider, the first API request being provided with a signature and comprising: a first identifier of a resource hosted by a service of the computing resource service provider for the principal of the computing resource service provider; and a first representation of an operation to perform with respect to the resource; process data from the first API request to verify the principal submitting the first API request including at least the signature; as a result of verifying the first API request, obtain a policy, at the service hosted by the computing resource service provider, applicable to the first API request that indicates constraints for authorization of the first API request and includes a set of request-mapping rules, the constraints for authorization including identifying an authorized role associated with one or more users including the principal submitting the first API request; determine one or more attributes of the first API request to utilize in connection with the policy; use the policy to determine one or more operations, based at least in part on the one or more attributes, that are authorized to be performed by the principal by comparing at least one operation associated with the first API request to authorized operations specified by the policy to determine if the at least one operation associated with the first API request is authorized; apply, at the service hosted by the computing resource service provider, the set of request-mapping rules to the obtained first API request to generate a second API request that complies with the second syntax of the another service of the computing resource service provider and that comprises: a second identifier of the resource; and a second representation of the operation; and transmit the second API request to the other service.
7. The system of claim 6, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the system to: authenticate the principal submitting the first API request by processing data from the first API request using one or more authentication services.
8. The system of claim 6, wherein the first API request comprises a request to access one or more resources hosted by the computing resource service provider.
9. The system of claim 6, wherein the policy is defined and submitted by a second principal, while executing an application hosted by the computing resource service provider, to the service.
10. The system of claim 6, wherein the policy indicates one or more permitted API operations.
11. The system of claim 10, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the system to: compare the first API request against the one or more permitted API operations indicated by the policy.
12. The system of claim 6, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the system to perform the one or more operations as a result of determining that the first API request complies with one or more authorization rules.
13. The system of claim 6, wherein the principal corresponds to one or more users or a role associated with the one or more users.
14. The system of claim 6, wherein: the principal corresponds to an identity managed by the computing resource service provider; and the computer resource service provider manages permissions associated with the identity.
15. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least: obtain, from a role, a first application programming interface (API) request formatted in accordance with a customer-defined syntax that is incompatible with a second syntax of another service of a computing resource service, the first API request comprising: a first identifier of a resource hosted by a service of the computing resource service provider for the role of the
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
for controlling access to devices or network resources · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title