Hi,
depends on your security levels and risk appetite. Typically a good compromise is to have short-lived tokens which allow you to minimize access via OAuth flows, so having Cognito authorization via Bearer tokens would be a good solution. Check this out: https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
Hope it helps ;)
If you are using API Gateway in front of the Lambda functions, the general guidance is to use a Lambda authorizer. A Lambda authorizer streamlines the implementation of role-based access control (RBAC) in serverless applications by serving as a middleware between the client and the Lambda function. When a request is made, the authorizer intercepts it and verifies the requester's identity and permissions based on predefined policies or rules. It then grants or denies access to the requested resource accordingly. By abstracting away the access control logic from the application code, Lambda authorizers provide a centralized and scalable approach to enforce security, allowing developers to focus on building the core functionalities of their serverless applications.
See https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html.
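Putting the two answers together (short-lived Cognito bearer tokens, checked by a Lambda authorizer that turns group membership into an IAM policy), here is an added, self-contained sketch of such an authorizer. It is example code written for this page, not AWS's code or either answer's. Assumptions are labelled in the comments: the claims follow the shape of a Cognito access token (`iss`, `exp`, `token_use`, `client_id`, `cognito:groups`), the issuer, client id and group-to-route table are made up, and the signature check uses HS256 with a constructed secret purely so it runs offline; against a real user pool you would pin `RS256` and verify against the pool's JWKS instead.

```python
"""Hypothetical API Gateway REQUEST-type Lambda authorizer (added example).
Validates a bearer token, then maps Cognito groups to allowed method ARNs."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # stand-in for the pool's RS256 public key (JWKS)
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"  # assumed pool
CLIENT_ID = "example-app-client-id"  # assumed app client
# Assumed RBAC table: Cognito group -> "METHOD/resource" suffixes under the API stage.
GROUP_ROUTES = {"admins": ["*/*"], "readers": ["GET/orders", "GET/orders/*"]}


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_token(claims, secret=SECRET):
    """Build an HS256 JWT for the demo (constructed input, not a Cognito-issued token)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_token(token, now=None, secret=SECRET):
    """Return the claims if signature, expiry, issuer, token_use and client_id check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    # Pin the algorithm you expect; never let the token's own header pick it.
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != ISSUER or claims.get("token_use") != "access":
        raise ValueError("wrong issuer or token type")
    if claims.get("client_id") != CLIENT_ID:
        raise ValueError("wrong client_id")
    return claims


def build_policy(principal_id, effect, resources, context):
    """Shape API Gateway expects back from a Lambda authorizer."""
    stmt = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resources}
    return {"principalId": principal_id,
            "policyDocument": {"Version": "2012-10-17", "Statement": [stmt]},
            "context": context}


def handler(event, context=None, now=None):
    """Lambda entry point. Raising 'Unauthorized' makes API Gateway answer 401."""
    auth = (event.get("headers") or {}).get("Authorization", "")
    if not auth.startswith("Bearer "):
        raise Exception("Unauthorized")
    try:
        claims = verify_token(auth[len("Bearer "):], now=now)
    except ValueError:
        raise Exception("Unauthorized")
    # methodArn looks like arn:aws:execute-api:<region>:<acct>:<apiId>/<stage>/<METHOD>/<path>
    api_arn, stage = event["methodArn"].split("/")[:2]
    prefix = f"{api_arn}/{stage}/"
    groups = claims.get("cognito:groups", [])
    # Return every route the principal may call, not just this one: the policy is cached per token.
    resources = [prefix + r for g in groups for r in GROUP_ROUTES.get(g, [])]
    ctx = {"sub": claims.get("sub", ""), "groups": ",".join(groups)}  # context values must be scalars
    if not resources:
        return build_policy(claims.get("sub", "anonymous"), "Deny", [event["methodArn"]], ctx)
    return build_policy(claims["sub"], "Allow", resources, ctx)


def demo(now=1_700_000_000):
    """Exercise the authorizer with constructed tokens; returns the outcome per scenario."""
    base = {"iss": ISSUER, "token_use": "access", "client_id": CLIENT_ID, "exp": now + 3600}
    arn = "arn:aws:execute-api:us-east-1:123456789012:abc123/prod/GET/orders"
    event = lambda tok: {"headers": {"Authorization": "Bearer " + tok}, "methodArn": arn}
    out = {
        "admin": handler(event(mint_token({**base, "sub": "u1", "cognito:groups": ["admins"]})), now=now),
        "reader": handler(event(mint_token({**base, "sub": "u2", "cognito:groups": ["readers"]})), now=now),
        "nogroup": handler(event(mint_token({**base, "sub": "u3"})), now=now),
    }
    bad = {"expired": mint_token({**base, "sub": "u4", "exp": now - 1}),
           "tampered": mint_token({**base, "sub": "u5"}, secret=b"other-key")}
    for name, tok in bad.items():
        try:
            handler(event(tok), now=now)
            out[name] = "allowed"
        except Exception as e:
            out[name] = str(e)
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two things in the design are worth keeping even when you swap in real JWKS verification: the authorizer answers with the whole set of routes the caller's groups permit (API Gateway caches the policy per token for the configured TTL, so a policy scoped to only the current method would wrongly deny the next one), and a token that fails any check produces a 401 via the "Unauthorized" exception rather than a Deny policy, so a bad or expired token is not cached as a decision.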