session validation in Lambda authorizer

Your Lambda authorizer function should be attached to the VPC where Redis is running. You will include in the function a Redis SDK that will create a connection to the Redis cluster. You should create the connection outside the Lambda handler so it will be reused across all invocations.

You need to configure API Gateway to pass the Cookies header to the Lambda authorizer. When the function is invoked, it extracts the appropriate cookie from the header and validates it agains Redis. It will then return an appropriate resource policy that allows or denies the access.