What is the best practice for a custom authorizer in case of exceptions

1

Hi, I have an API Gateway with a customAuthorizer whose source identity is set to the Authorization field in the header of the request. I also have a 5-minute cache set up (default) for the authorizer responses. The problem that I have is that when the customAuthorizer throws an exception, it is cached, and the user that made this request will be blocked for the next 5 minutes because of the source identity. Is there a way to only cache responses if they return an IAM policy, or do I have to do something to work around this? The cache is needed because I don't want to call the authorizer on each request, and blocking the user because something went wrong inside the Lambda is not the user experience that I want to provide.

Basically I would like to know if there is a way to cache the result of an "Allow" or "Deny" policy but allow a retry in case of error.

Thanks for the time,

2 Answers
0

One approach to achieve the desired outcome would be to define your cache key and ensure that a request retrying after an error would not be triggering an existing cache key based on how the cache key is composed.

API Gateway offers a caching key mechanism, which uniquely identifies a particular user in your custom authorizer. All the requests passing the same header will receive a cached response if the request is sent with an expiry time-frame. When a cached method or integration has parameters, which can take the form of custom headers, URL paths, or query strings, you can use some or all of the parameters to form cache keys. API Gateway can cache the method's responses, depending on the parameter values used.

See https://www.linkedin.com/pulse/aws-lambda-authorizer-patterns-caching-harshit-pandey/

AWS
answered 2 years ago
0

Currently API Gateway is only caching when a policy is generated. I tested this by deliberately creating a syntax error in my Lambda authorizer. The authorizer has caching enabled. The request did not get cached when I again called the API with the same identity source value from a client within the authorizer cache TTL. The number of invocations of the Lambda authorizer matched the count of API Gateway requests.

AWS
Naba_P
answered a year ago
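
An added example (not code from either answer or from AWS): a TOKEN-type Lambda authorizer written around the behaviour reported in the answer above, returning an Allow or Deny policy for a definite decision and re-raising on an internal failure so that no policy is generated for it. `validate_token`, `BackendUnavailable`, the sample tokens and the outage trigger are constructed for illustration.

```python
import logging

log = logging.getLogger(__name__)

class BackendUnavailable(Exception):
    """Transient failure inside the authorizer (hypothetical name)."""

# Constructed sample data standing in for a real token store or IdP lookup.
SAMPLE_TOKENS = {"tok-alice": ("alice", "Allow"), "tok-bob": ("bob", "Deny")}

def validate_token(token):
    """Return (principal_id, effect); raise BackendUnavailable on a transient error."""
    if token == "tok-simulate-outage":  # constructed trigger for the error path
        raise BackendUnavailable("token store timed out")
    # An unknown token is a definite decision: Deny.
    return SAMPLE_TOKENS.get(token, ("unknown", "Deny"))

def build_policy(principal_id, effect, method_arn):
    """Build the response shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
            ],
        },
    }

def handler(event, context):
    """TOKEN authorizer entry point."""
    token = event.get("authorizationToken", "")
    try:
        principal_id, effect = validate_token(token)
    except BackendUnavailable:
        # Do not convert this into a Deny policy: a policy is a decision and is
        # eligible for caching. Re-raising still rejects this request (fail
        # closed) but produces no policy, so the next request invokes us again.
        log.exception("authorizer backend failure")
        raise
    return build_policy(principal_id, effect, event["methodArn"])
```

The pattern to avoid is a blanket `except Exception` that returns a Deny policy, since that turns a transient fault into a cached decision for the full TTL.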
