Is it possible to use a sequence: Cognito Authorizer and Lambda Authorizer?

0

I have a .NET 6 Web REST API service deployed as a Lambda that works with an RDS PostgreSQL database.

What do you think about my idea? It is:

  1. Create User pool
  2. Declare Cognito Authorizer in AWS Gateway ("allow" or "deny")
  3. If its response is "Allow" then use my Lambda Custom authorizer: email+password stored in my database, return a role: User, Power User, Admin, Superadmin.
2 Answers
1

Hi Oleg :)

I think this answer outlines well the options for role based authorizations: https://repost.aws/questions/QUpYtLZR5wQVqOSWI4BcblQQ/rbac-for-api-gateway-endpoints-using-cognito-user-groups.

Hope it helps

EXPERT
answered a year ago
0

Hi, @Oleg.

I understand that "AWS Gateway" is "API Gateway".

You cannot set multiple authorizers in combination in API Gateway.
So you have to implement your custom logic in the Lambda authorizer.

Validate Cognito's JWT in Lambda and check for the target user pool. Then perform custom processing.
The following documents may be helpful.

https://github.com/aws-samples/amazon-cognito-api-gateway

EXPERT
iwasa
answered a year ago
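
The flow described in the answer above (verify the Cognito JWT inside the Lambda authorizer, confirm it comes from the expected user pool, then apply the custom role logic), as an added example that is not part of the original answers or the linked sample. It uses Node.js built-ins only and assumes the client sends a Cognito access token; the pool ID in `ISSUER`, the `lookupRole` callback standing in for the database role query, and `makeSample` (a constructed throwaway key and token) are hypothetical.

```javascript
const crypto = require("node:crypto");

// Assumed value: replace with your own region and user pool ID (placeholder below).
const ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE";
const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// jwks = the "keys" array from `${ISSUER}/.well-known/jwks.json`, fetched once and cached.
function verifyCognitoJwt(token, jwks, now = Math.floor(Date.now() / 1000)) {
  const [h, p, s] = String(token).split(".");
  if (!h || !p || !s) throw new Error("malformed token");
  const header = decode(h);
  if (header.alg !== "RS256") throw new Error("unexpected alg"); // pin the algorithm
  const jwk = jwks.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const sigOk = crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!sigOk) throw new Error("bad signature");
  const claims = decode(p); // claims are read only after the signature check passes
  if (claims.iss !== ISSUER) throw new Error("token is from another user pool");
  if (claims.token_use !== "access") throw new Error("not an access token");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// IAM policy in the shape API Gateway expects back from a Lambda authorizer.
function buildPolicy(principalId, role, methodArn) {
  const statement = { Action: "execute-api:Invoke", Effect: role ? "Allow" : "Deny", Resource: methodArn };
  return { principalId, policyDocument: { Version: "2012-10-17", Statement: [statement] }, context: { role: role || "none" } };
}

// lookupRole: hypothetical async function standing in for the role query against the database.
async function authorize(event, jwks, lookupRole) {
  try {
    const claims = verifyCognitoJwt((event.authorizationToken || "").replace(/^Bearer /i, ""), jwks);
    return buildPolicy(claims.sub, await lookupRole(claims.sub), event.methodArn);
  } catch (err) {
    return buildPolicy("anonymous", null, event.methodArn); // any failure denies
  }
}

// Constructed sample input: a throwaway key pair and token so the code runs offline.
function makeSample(claims) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc({ alg: "RS256", kid: "demo" })}.${enc(claims)}`;
  const token = `${body}.${crypto.sign("sha256", Buffer.from(body), privateKey).toString("base64url")}`;
  return { token, jwks: [{ ...publicKey.export({ format: "jwk" }), kid: "demo" }] };
}
```

The role returned in `context` is available to the backend integration, so the API itself does not need to repeat the lookup.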
