En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

API Gateway - Exposing Backend APIs - Authentication

0

We have purchased software running on EC2 and we need to expose several REST APIs externally. The problem is that the APIs require OAuth authentication, and API Gateway only supports client certificate. This is a major deficiency, I doubt there are many APIs, public or private, that support client certificate authentication.

How can I call the target API from API Gateway? The only thing I can think of is to use a Lambda that obtains the token and makes the API call. Is this the only alternative? I'd rather not have to create, maintain, and pay to run a Lambda.

Also I see that there are solutions for caching secrets and environment variables across Lambda invocations, but no solution for caching arbitrary data such as the bearer token. I'd rather not have to obtain a new token for every call. I've seen some suggest using a class variable, the implication being that the class will persist until the container is shut down. However this assumption isn't backed up by any AWS documentation that I can find.

Any insights or suggestions are appreciated.

Sujets
Sans serveurCalculWeb et mobile front-endRéseaux et diffusion de contenu
Balises
AWS LambdaPasserelle API AmazonMise en cache
Langue
English
rePost-User-6165397
demandé il y a un an438 vues
2 réponses
0

You need to use Lambda, but how about using "Custom Authorizer" as shown in the following document?
https://aws.amazon.com/jp/blogs/compute/introducing-custom-authorizers-in-amazon-api-gateway/

profile picture
EXPERT
Riku_Kobayashi
répondu il y a un an
0

As you indicated, API Gateway can't support what you need. You will need to implement a Lambda functions. The Lambda function will cache data between invocations if you save them in global/class variables, so you can do it once, or whenever the token expires. You could also cache the information in some external source, such as DynamoDB, so that you can share it between different Lambda instances and even between different Lambda functions (if you choose to create a different function for each of the backend APIs for instance).

profile pictureAWS
EXPERT
Uri
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents