Can I fully authenticate to AWS iOT through API Gateway HTTP using only header authentication methods?

Question

HI

I am looking to build an app using FlutterFlow to interact with AWS iOT Core. The plan is to interact through the app and register iOT devices, and create / edit rules in iOT.

The issue is that FlutterWave only has simple API authentication. I.e. they only allow authorisation through headers in the HTTP request.

Is there a way to use Cognito or API Gateway, with a Lambda function if needed, to authenticate such that I can do more than shown here (publish mostly):
https://docs.aws.amazon.com/solutions/latest/constructs/aws-apigateway-iot.html

Or, do I need to authenticate through Congito and IAM such that the user is authenticated fully, and can create iOT devices, edit rules etc?

There is also a way to authenticate through Firebase, not sure if that can help?

Thanks

Answer

You could implement custom authorizer to validate the header request before to forward the request to IoT as described in the [link](https://docs.aws.amazon.com/solutions/latest/constructs/aws-apigateway-iot.html) you posted.

If you want to use the REST API (as in the link posted) you can check [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html) for information on how to create a custom authorizer via lambda. This would allow you to get the request header and verify it before your request is forwarded to IoT

If you want to use HTTP Api gateway (but I don't think you can link directly to IoT) you can check [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html)

Can I fully authenticate to AWS iOT through API Gateway HTTP using only header authentication methods?

관련 콘텐츠