Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

API Gateway: AWS Service integration using IAM authorization

0

I'm using AWS Service integration to connect API Gateway to DynamoDB.

E.g. PUT orders/{id} -> AWS Service: DynamoDB, Action: UpdateItem (using a mapping template to transform the HTTP body to a UpdateItem request).

Works fine. Now I'd like to secure the table so that a user can only access their own records. I've created a Cognito Identity Pool to limit a user's access and I've configured the method to use AWS IAM for auth. But I don't see a way to tell the integration to use that as the Execution role. As far as I can see, you have to hard-code that.

Is there a way to use the IAM role as the execution role?

Workaround

I'm aware that I can put a Lambda in the middle, getting it to make the DynamoDB call using the user's IAM credentials, but that's an extra hop and more code to look after. If anybody know a way to go IAM -> Gateway -> Dynamo that would be much better.

Themen
ServerlosFrontend-Web & MobileVernetzung & Bereitstellung von InhaltenSicherheit, Identität & Konformität
Tags
Amazon API-GatewayAmazon Cognito
Sprache
English
ANeeson
gefragt vor 2 Jahren254 Aufrufe
1 Antwort
1

Something worth trying - https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_items.html

Amazon DynamoDB: Allows item-level access to DynamoDB based on an Amazon Cognito ID

profile pictureAWS
EXPERTE
Indranil Banerjee AWS
beantwortet vor 2 Jahren
  • ANeeson
    vor 2 Jahren

    Interesting suggestion. thanks! +1

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt