Hi,
If you use a Lambda authorizer, you will have to code the Lambda handler yourself, where you'll have to return an IAM policy to allow/deny the request. A dot net blueprint can be found here: https://github.com/awslabs/aws-apigateway-lambda-authorizer-blueprints/tree/master/blueprints/dotnet/src but you can use any supported language for it.
With authorizers you are in full control.
For Cognito you will just have to associate it to the API GW after you create a user pool. It provides certain features out of the box, but there are certain limitations (not able to add custom claims to access tokens, very rigid to update user pools after you create them).
So, there is a compromise to make here:
- full flexibility required -> Lambda authorizer
- Cognito standard features ok -> Cognito Authorizer
Best
Didier
Are you running Cognito or another authentication system which requires a custom authoriser, or do you need to perform custom checks?
We need an authorizer for users with different roles like passengers, drivers, admins—assigned to three groups via Cognito user pool. This authorizer should control access to resources like APIs (Lambda & API Gateway) based on their group. Additionally, we need to restrict each group's users from accessing each other’s resources, which requires a more reliable authorization method beyond group-level controls. What would be the best approach for this?
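An added example (not written by the thread's participants or by AWS) of the IAM policy a Lambda authorizer returns, as described in the answer above, applied to the three Cognito groups from this comment. The route map, ARN and claim values are constructed, and it assumes the token's signature, issuer and expiry were already verified before `build_policy` is called.

```python
from fnmatch import fnmatchcase

# Hypothetical route map: each Cognito group may invoke only its own paths.
GROUP_ROUTES = {
    "passengers": ["passengers/*"],
    "drivers": ["drivers/*"],
    "admins": ["admin/*"],
}
# Methods are listed explicitly: "*" in the method slot also matches across
# "/", so ".../*/drivers/*" would match GET /passengers/drivers/x as well.
METHODS = ("GET", "POST", "PUT", "PATCH", "DELETE")

def build_policy(claims, method_arn):
    """Build the authorizer response from claims of an already-verified JWT."""
    # methodArn: arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<METHOD>/<path>
    api_arn, stage = method_arn.split("/")[:2]
    base = f"{api_arn}/{stage}"
    groups = claims.get("cognito:groups", [])
    patterns = sorted({p for g in groups for p in GROUP_ROUTES.get(g, [])})
    if patterns:
        # Cover every route the groups may call, not only the requested one,
        # so a cached policy stays correct for the caller's next request.
        effect = "Allow"
        resources = [f"{base}/{m}/{p}" for m in METHODS for p in patterns]
    else:
        # Unknown or missing group: explicit deny for the whole stage.
        effect, resources = "Deny", [f"{base}/*/*"]
    return {
        "principalId": claims.get("sub", "unknown"),
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resources}],
        },
        # Context values must be strings, numbers or booleans. The backend can
        # compare "sub" with the record owner for per-user checks.
        "context": {"sub": claims.get("sub", ""), "groups": ",".join(groups)},
    }

def is_allowed(policy, method_arn):
    """Local approximation of how the policy resolves for one request."""
    allowed = False
    for st in policy["policyDocument"]["Statement"]:
        if any(fnmatchcase(method_arn, r) for r in st["Resource"]):
            if st["Effect"] == "Deny":
                return False  # explicit deny wins
            allowed = True
    return allowed  # no matching Allow means implicit deny
```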
Thanks for the response :)