Can I fully authenticate to AWS iOT through API Gateway HTTP using only header authentication methods?



I am looking to build an app using FlutterFlow to interact with AWS iOT Core. The plan is to interact through the app and register iOT devices, and create / edit rules in iOT.

The issue is that FlutterWave only has simple API authentication. I.e. they only allow authorisation through headers in the HTTP request.

Is there a way to use Cognito or API Gateway, with a Lambda function if needed, to authenticate such that I can do more than shown here (publish mostly):

Or, do I need to authenticate through Congito and IAM such that the user is authenticated fully, and can create iOT devices, edit rules etc?

There is also a way to authenticate through Firebase, not sure if that can help?


1 Answer

You could implement custom authorizer to validate the header request before to forward the request to IoT as described in the link you posted.

If you want to use the REST API (as in the link posted) you can check here for information on how to create a custom authorizer via lambda. This would allow you to get the request header and verify it before your request is forwarded to IoT

If you want to use HTTP Api gateway (but I don't think you can link directly to IoT) you can check here

answered 10 months ago
  • Thanks Miki!

    I have looked through the documentation further and HTTP calls are restricted in what they can do, only publish.

    Plus, I don't think I can provision devices through the HTTP API.

    Do you know if there's a way to have someone hit an HTTP API gateway, and a Lambda function then upgrades that transmission to a MQTT or MQTT over WebSockets connection?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions