I'm using AWS Service integration to connect API Gateway to DynamoDB.
E.g.
PUT orders/{id}
-> AWS Service: DynamoDB, Action: UpdateItem (using a mapping template to transform the HTTP body to an UpdateItem request).
Works fine. Now I'd like to secure the table so that a user can only access their own records. I've created a Cognito Identity Pool to limit a user's access and I've configured the method to use AWS IAM for auth. But I don't see a way to tell the integration to use that as the Execution role. As far as I can see, you have to hard-code that.
Is there a way to use the IAM role as the execution role?
Workaround
I'm aware that I can put a Lambda in the middle, getting it to make the DynamoDB call using the user's IAM credentials, but that's an extra hop and more code to look after. If anybody knows a way to go IAM -> Gateway -> Dynamo, that would be much better.
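Added example, not part of the original post or of any AWS documentation: a request mapping template for the UpdateItem integration described above. Instead of trusting an owner value in the HTTP body, it takes the partition key from the caller's Cognito identity in the request context, so even with a fixed, hard-coded execution role a request can only ever land in the caller's own partition. It assumes a table named `orders` with a composite primary key (`owner`, `id`) and a body carrying `status` and `quantity`; those names are assumptions.

```velocity
## Assumed table layout: partition key "owner", sort key "id".
## $context.identity.cognitoIdentityId is populated by API Gateway when the
## method uses AWS_IAM auth and the caller signed with Cognito Identity Pool
## credentials; it is never taken from the request body.
#set($owner = $context.identity.cognitoIdentityId)
{
  "TableName": "orders",
  "Key": {
    "owner": { "S": "$owner" },
    "id":    { "S": "$util.escapeJavaScript($input.params('id'))" }
  },
  ## Only whitelisted attributes are updatable; the body cannot rewrite the key.
  "UpdateExpression": "SET #s = :status, #q = :qty",
  "ExpressionAttributeNames": { "#s": "status", "#q": "quantity" },
  "ExpressionAttributeValues": {
    ":status": { "S": "$util.escapeJavaScript($input.path('$.status'))" },
    ":qty":    { "N": "$input.path('$.quantity')" }
  },
  "ReturnValues": "ALL_NEW"
}
```

Because `owner` is part of the primary key and comes from `$context`, a caller who guesses another user's order id still only touches an item under their own identity id. The execution role's policy should still be scoped to `dynamodb:UpdateItem` on this one table; a request that arrives without a Cognito identity produces an empty owner key and is rejected by DynamoDB rather than silently written.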
Interesting suggestion. Thanks! +1