If I understood your case correctly, you want to authorize Cognito users in your exposed API, and the integration with the backend also has an internal authorizer with an OAuth2 flow. You will definitely need to authorize internally. In your case you can't do it without using Lambda; you can maintain the integration with the backend in the same way with VPC Link, but you will need to use a Lambda Authorizer. With this Lambda authorizer you will validate the Cognito token passed in the request, you will generate a token in the internal OAuth2 flow, you can save it to DynamoDB for caching purposes, and you will need to return that token in the context of that Lambda's response. When configuring your route, you will need to create a Mapping Template in your integration request to add the Authorization header that will be sent to the backend you returned in Lambda. Follow this documentation as a reference: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-override-request-response-parameters.html
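
The Lambda authorizer flow described in the answer above, as an added example (not code from the answer or from AWS). It assumes a REST API TOKEN authorizer; `ISSUER`, `CLIENT_ID`, the `backendToken` context key, the injected `verify` and `fetch` callables, and the in-memory dict standing in for the DynamoDB cache table are all hypothetical.

```python
import time

# Assumed placeholder values: use your own user pool issuer and app client id.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
_cache = {}  # stand-in for the DynamoDB cache item: {"token": str, "exp": float}


def claims_ok(claims, now):
    """Claim checks on an already signature-verified Cognito access token."""
    return ("sub" in claims
            and claims.get("iss") == ISSUER
            and claims.get("token_use") == "access"  # reject ID tokens
            and claims.get("client_id") == CLIENT_ID
            and claims.get("exp", 0) > now)


def backend_token(fetch, now, margin=60):
    """Reuse the cached internal OAuth2 token until `margin` seconds before expiry."""
    if _cache.get("exp", 0) - margin <= now:
        token, expires_in = fetch()  # e.g. a client-credentials grant
        _cache.update(token=token, exp=now + expires_in)
    return _cache["token"]


def policy(principal, effect, resource, context=None):
    """Authorizer response; context values must be strings, numbers or booleans."""
    doc = {"Version": "2012-10-17", "Statement": [
        {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}]}
    out = {"principalId": principal, "policyDocument": doc}
    if context:
        out["context"] = context
    return out


def authorize(event, verify, fetch, now=None):
    """verify(jwt) -> claims must check the signature against the user pool
    JWKS and raise on failure; fetch() -> (token, expires_in_seconds)."""
    now = time.time() if now is None else now
    raw = event.get("authorizationToken", "")
    try:
        if not raw.startswith("Bearer "):
            raise ValueError("missing bearer token")
        claims = verify(raw[len("Bearer "):])
        if not claims_ok(claims, now):
            raise ValueError("claims rejected")
    except Exception:
        # Fail closed: any validation error yields Deny and no backend token.
        return policy("anonymous", "Deny", event["methodArn"])
    return policy(claims["sub"], "Allow", event["methodArn"],
                  {"backendToken": backend_token(fetch, now)})
```

The integration request mapping template can then read the value as `$context.authorizer.backendToken` when it sets the Authorization header. Keep that context key out of access-log formats, since it carries a live credential.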