1 Answer
- Newest
- Most votes
- Most comments
0
Here's a refined approach to consider:
-
Configure an API Gateway (HTTP or REST) to act as the entry point for external API requests. This will forward requests to your internal API endpoint (
https://myproduct.mypage.com/api/(*)
). -
Implement Lambda Authorizer for Authentication Bypass:
- Use a Lambda Authorizer to inspect incoming requests to the API Gateway.
- The Lambda function will check for specific identifiers (e.g., API keys, custom headers) that indicate a request is from a technical user.
- If the request contains the correct identifiers, bypass the Cognito authentication and allow the request to proceed to your API. Otherwise, enforce the standard authentication flow.
-
Ensure your ingress is configured to properly route requests from the API Gateway, including those bypassing Cognito authentication.
-
Even when bypassing Cognito, secure the alternative authentication path with robust methods like API keys or OAuth tokens. Consider additional security measures like IP whitelisting to only allow traffic from the API Gateway to the specific bypass routes.
Relevant content
- asked 8 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago