Protecting AWS API Gateway From 3rd Party Only

Hello,

I need to control access to my REST API Gateway in the following manner:

  • When called from my own web app (SPA hosted on S3/CloudFront at a specific Route53 domain) it should go through only after validating the calling user in terms of authentication and authorization through an OAuth2 JWT token.
  • When a 3rd party calls (any other domain/machine) the above should also happen, but only after validating that a specific API Token has been issued to the caller.

What technologies should I be using to achieve the above please?

1 Answer

API Gateway supports only a single authorization method per route. If you need something which is more complex than what API Gateway supports (Cognito or IAM), you will need to use a Lambda authorizer. In the authorizer you can check the source (based on maybe some secret header that you pass from the client) and if it is not your client, you check for the other token.

AWS
Expert
Uri
answered 2 years ago
    1. So you mean I cannot use Cognito + API token to protect a single route?
    2. Is it actually safe to pass a fixed API token from an SPA client to the Gateway?

    1. You can use both Cognito and API keys, however, if you specify that API keys are required, they will be required for everyone.

    2. Not really, but it is not very different than passing an API key.
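A sketch of the Lambda authorizer the answer describes, added here as an example; it is not code from the original post or from AWS. All values are constructed assumptions (the SPA origin, an HS256 shared secret standing in for Cognito's RS256/JWKS verification, a table of hashed third-party API tokens), and instead of the "secret header from the client" idea it uses the Origin header purely to pick the path: the user JWT is mandatory on both paths, and a third party must additionally present an issued API token, so a client that sets Origin itself gains nothing beyond skipping the API-token check it could not pass anyway.

```python
import base64, hashlib, hmac, json, time
# Constructed demo values (assumptions, not taken from the original post).
OWN_ORIGIN = "https://app.example.com"   # the SPA's own Route53 domain
JWT_SECRET = b"demo-hs256-secret"        # HS256 stand-in; Cognito tokens are RS256 (verify via JWKS)
THIRD_PARTY_TOKENS = {hashlib.sha256(b"partner-token-123").hexdigest(): "partner-a"}  # sha256(token) -> partner

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_jwt(claims: dict) -> str:
    """Mint an HS256 token; stands in for the real identity provider in this demo."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(JWT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_jwt(token: str):
    """Return the claims if signature and expiry check out, else None (iss/aud checks omitted)."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(JWT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:                      # wrong shape, bad base64 or bad JSON
        return None
    return claims if isinstance(claims, dict) and claims.get("exp", 0) > time.time() else None

def _policy(principal: str, effect: str, arn: str, ctx=None) -> dict:
    return {"principalId": principal, "context": ctx or {}, "policyDocument": {"Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect, "Resource": arn}]}}

def handler(event: dict, _context=None) -> dict:
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    arn = event.get("methodArn", "*")
    auth = headers.get("authorization", "")
    claims = verify_jwt(auth[7:]) if auth.startswith("Bearer ") else None
    if claims is None:                      # the user JWT is mandatory on every path
        return _policy("anonymous", "Deny", arn)
    principal = str(claims.get("sub", ""))
    if headers.get("origin") == OWN_ORIGIN: # only selects the path; Origin is not a secret
        return _policy(principal, "Allow", arn, {"caller": "spa"})
    partner = THIRD_PARTY_TOKENS.get(hashlib.sha256(headers.get("x-api-token", "").encode()).hexdigest())
    if partner is None:                     # third party without an issued API token
        return _policy(principal, "Deny", arn)
    return _policy(principal, "Allow", arn, {"caller": partner})
```

The returned policy is what a REQUEST-type Lambda authorizer hands back to API Gateway; the `context` map is forwarded to the integration so the backend can tell SPA traffic from partner traffic.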
