If you use a Lambda authorizer, you will have to code the Lambda handler yourself, where you'll have to return an IAM policy to allow/deny the request. A dotnet blueprint can be found here: https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/tree/master/blueprints/dotnet/src but you can use any supported language for it.
With authorizers you are in full control.
For Cognito you will just have to associate it to the API GW after you create a user pool. It provides certain features out of the box, but there are certain limitations (not able to add custom claims to access tokens, very rigid to update user pools after you create them). This will be driven by your requirements and risk appetite.
Hope it helps!
Thank you. Yet another question: both of these types of authorizers return Allow or Deny. How do I implement this if I want to return the user role of this user? For example, Unregistered, User, Admin, Superadmin? As I see it, I need to develop 2 steps: Authorizer (1 of 2) + my own identity manager
Maybe for your case you could use the response context of the policy: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html which you can fill with the above values
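
An added example, not part of the original thread or of the AWS blueprint: a TOKEN-type Lambda authorizer that returns the Allow/Deny policy and carries the caller's role in the response `context`, as the comment above suggests. The token format (`user_id.role.hmac`), the demo key and the helper names are assumptions made for this sketch; a real authorizer would verify a JWT or look the caller up in its identity store.

```python
import hashlib
import hmac

# Constructed demo key (assumption); load a real secret from a secret store instead.
DEMO_KEY = b"constructed-demo-key"
ROLES = {"Unregistered", "User", "Admin", "Superadmin"}  # roles named in the question


def _mac(user_id, role):
    return hmac.new(DEMO_KEY, f"{user_id}.{role}".encode(), hashlib.sha256).hexdigest()


def sign(user_id, role):
    """Hypothetical token format for this example: user_id.role.hex_hmac"""
    return f"{user_id}.{role}.{_mac(user_id, role)}"


def verify(token):
    """Return (user_id, role) for a valid token, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_id, role, mac = parts
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(mac.encode(), _mac(user_id, role).encode()):
        return None
    return (user_id, role) if role in ROLES else None


def build_response(principal_id, effect, resource, context=None):
    response = {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
            ],
        },
    }
    if context:
        response["context"] = context  # values must be strings, numbers or booleans
    return response


def handler(event, _context):
    """TOKEN authorizer entry point: event carries authorizationToken and methodArn."""
    claims = verify(event.get("authorizationToken", ""))
    if claims is None:
        return build_response("anonymous", "Deny", event["methodArn"])
    user_id, role = claims
    return build_response(user_id, "Allow", event["methodArn"], {"role": role})
```

With a Lambda proxy integration the backend reads the value from `event["requestContext"]["authorizer"]["role"]`; in mapping templates it is available as `$context.authorizer.role`.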