使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Cognito User Pool Groups and retrieving IAM from Lambda

0

A customer is building a serverless solution. Clients would make an api call, trigger custom authorizer/lambda using request parameter, and authenticate the user in the user pool. However, to generate a policy doc, they don't want to grant a blanket 'Allow' to the request. They want to apply IAM policies to user groups in cognito, and pass that to lambda authorizer. Has anyone encountered this? How to retrieve the Iam role/policy attached to the group in cognito user pools?

主題
無伺服器運算安全性、身分識別與合規前端網頁與行動裝置網路與內容交付
標籤
AWS LambdaAWS Identity and Access ManagementAmazon API GatewayAmazon Cognito
語言
English
AWS
rabinon
已提問 6 年前檢視次數 481 次
1 個回答
0
已接受的答案

It seems like they're trying to fight the conventional pattern. Serverless or not, why would they not authenticate & authorize the user directly via Cognito first, and then use the Cognito JWT as authN/Z to the api call? Everything they are after (group based policies, access control on the api) is essentially trivial if they do the identity bits first.

專家
Quint Van Deman
已回答 6 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容