Hey all! I have deployed an API Gateway with CDK. It looks like this:
const apiKey = new apigateway.ApiKey(
this,
`NAME`,
{
description: "DESCRIPTION",
enabled: true,
}
);
const api = new apigateway.RestApi(
this,
`NAME`,
{
domainName: {
domainName: endpointName,
certificate: certificate,
},
restApiName: `NAME`,
description: "DESCRIPTION",
endpointTypes: [apigateway.EndpointType.REGIONAL],
deployOptions: {
stageName: "prod",
},
}
);
const usagePlan = new apigateway.UsagePlan(
this,
`NAME`,
{
name: `NAME`,
apiStages: [
{
api: api,
stage: api.deploymentStage,
},
],
}
);
new apigateway.CfnUsagePlanKey(
this,
`NAME`,
{
keyId: apiKey.keyId,
keyType: "API_KEY",
usagePlanId: usagePlan.usagePlanId,
}
);
But now I would also like users to use 2FA (SMS, app) to authenticate before using the API. I guess they have to login and get some sort of token?
Is there example code for this? Can I use Google SSO or would it be easier to create a fresh cognito user pool, I don't really mind both.
Am I going to have to implement a custom authenticator code? And an /login endpoint I would assume?
Does anybody have any docs/blogs/tips to create this. Would love to hear back. Thanks in advance.