How does authentication/authoriation work with multi region api in a DNS fail-over scenario?

0

I want to set up a multi region api with DNS-fail over setting , by setting up health checks. I plan to set up api key for my api endpoint. say, if i create api gateway resource in two regions us-east-1 and us-west-1, with api key. i assume it will create different api keys for my api in each region. so if request comes into an api hosted in us-east-1 with a particular api key, and if us-east-1 fails and then request is routed to us-west , it should fail because the api key are different?

1 Answer
1
Accepted Answer

You have the option to either have API Gateway generate API keys for you or you have the option to import API keys. If you use the import option, you can ensure that the same API Keys are used for a particular client for both your regional API Gateway end-points.

Look at the "Import API Keys" section in https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-setup-api-key-with-console.html#api-gateway-usage-pan-import-apikey

As a side note, you should not use API Keys for Authentication and Authorization. API Keys are only meant for implementing Usage Plans for clients.

You can use mechanisms such as Cognito User Pools, Cognito Identity Pools, Lambda Authorizers etc. for Authentication and Authorization in API Gateway

profile pictureAWS
EXPERT
answered a year ago
profile pictureAWS
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions