How do I authorize users based on their group in the cognito user pool in the API gateway authorizer? I am aware id_token and access_tokens have cognito: groups in the payload, but how to access it?

0

I have a Java service running in lambda. simple hello world application with a get API. I have also configured an API gateway with the cognito user pool as my authorizer. In my Cognito user pool, I have created a group (say admin) and added a few of my users to that group. Now I want users who have an admin group alone to access my API. At this point, any user who has signed up for the service and has valid tokens are allowed access. I would like to know if

  1. I can do this with cognito authorizer in the API gateway itself or some other means with minimal code.
  2. If not how to implement this java. Are there any documentation for the same?
1 Answer
0

Using the Solution Overview depicted in this blog as a reference, can you describe which step you are having trouble with?

https://aws.amazon.com/blogs/security/building-fine-grained-authorization-using-amazon-cognito-api-gateway-and-iam/

profile picture
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions