Securing API Gateway using Lambda Authorizer

2022.03.04

This article was published more than a year ago. The information may be out of date, so please keep that in mind.

API

API stands for Application Programming Interface: a defined way for two applications, computers, or programs to talk to each other. It is used to access data, server software, or other applications, and has been around for a long time. Every time you check the weather or look up a restaurant in an app, that app is calling an API behind the scenes.

API Gateway

A fully managed AWS service that lets developers create, publish, maintain, monitor, and secure APIs at any scale. With API Gateway you can build RESTful APIs as well as WebSocket APIs for real-time two-way communication. It acts as the front door through which applications reach data, business logic, or functionality in your backend services, and it is where authentication and authorization decisions for those APIs are enforced.

AWS Lambda

A serverless compute service that runs your code in response to events and automatically manages the underlying resources. It runs the code on highly available compute infrastructure and performs all administration of that infrastructure for you. Example event sources are HTTP requests via Amazon API Gateway, changes to objects in S3, and many others.

Refer to the blog post below for how to secure API Gateway using Amazon Cognito User Pools instead.

Demo

1. In the AWS console, search for API Gateway and click Build under REST API.
2. Choose New API, enter an API name and click Create API.
3. From Actions, choose Create Resource, give the resource a name (here it is customers) and click Create Resource.
4. Select the new resource, open Actions, choose Create Method and select GET.
5. In another tab, open AWS Lambda, click Create function, give it a name, choose Python 3.7 as the runtime and click Create function. Write the handler code that returns the customer data and deploy it.
6. Back in the API Gateway tab, set the integration type to Lambda Function, enter the function name and click Save.
7. Select customers, open Actions, choose Deploy API, create a new stage, give it a name and click Deploy. Copy the Invoke URL.
8. Paste the URL into a new browser tab and append /customers (the resource created above). The endpoint responds, and at this point it can be called by anyone in the world: the GET method has no authorization configured.

To restrict that access, add a Lambda authorizer:

9. In Lambda, create a second function with the same settings as the first. Its code inspects the values the caller sends (here, request headers) and returns an IAM policy that allows or denies execute-api:Invoke; only callers presenting the expected values can reach the API. Click Deploy.
10. In API Gateway, choose Authorizers in the sidebar and click Create New Authorizer. Give it a name, select the authorizer Lambda function, uncheck the Enabled checkbox (Authorization Caching) so every request is evaluated by the function, and click Create.
11. Attach the authorizer to the GET method: select the method, open Method Request, set Authorization to the new authorizer, and redeploy the API to the stage so the change takes effect.
12. Invoking the URL with /customers in a browser tab is now denied, since the browser sends none of the expected headers.
13. Invoke the URL from Postman with the headers set. With wrong values the request is still denied; once the correct values are supplied, the customer data is returned.
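The two Lambda functions the demo screenshots show are not reproduced on this page, so the following is an added example (not the original post's code) of what a REQUEST-type Lambda authorizer and the customers backend behind it look like in Python. It assumes two hypothetical headers, X-Api-User and X-Api-Token, a constructed credential table, and a constructed methodArn; a real deployment would load the credentials from Secrets Manager or SSM Parameter Store rather than embedding them.

```python
"""Added example: REQUEST-type Lambda authorizer plus the GET /customers backend.

Header names, credentials and the methodArn below are constructed for the demo.
"""
import hmac
import json

# Constructed credential table for the demo. Production code would fetch this
# from Secrets Manager / SSM and never hard-code it in the function.
VALID_CREDENTIALS = {"demo-user": "s3cr3t-demo-token"}


def _lower_headers(event):
    """API Gateway forwards header names as the client sent them; normalise case."""
    return {k.lower(): v for k, v in (event.get("headers") or {}).items()}


def check_credentials(user, token):
    """Constant-time comparison so a wrong token costs the same as a right one."""
    expected = VALID_CREDENTIALS.get(user)
    if expected is None or token is None:
        return False
    return hmac.compare_digest(expected.encode(), token.encode())


def build_policy(principal_id, effect, method_arn):
    """IAM policy document in the shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": effect,
                    # Scoped to the invoked method only. If authorization caching is
                    # on, the cached policy is reused for other methods the same
                    # caller hits, so a broad Resource here over-grants.
                    "Resource": method_arn,
                }
            ],
        },
        # Passed to the backend as event["requestContext"]["authorizer"].
        "context": {"user": principal_id},
    }


def authorizer_handler(event, context=None):
    """Entry point of the authorizer Lambda (hypothetical header scheme)."""
    headers = _lower_headers(event)
    method_arn = event["methodArn"]
    user = headers.get("x-api-user", "")
    token = headers.get("x-api-token", "")
    if check_credentials(user, token):
        return build_policy(user, "Allow", method_arn)
    # An explicit Deny yields HTTP 403 to the caller. Raising
    # Exception("Unauthorized") instead makes API Gateway return 401.
    return build_policy("anonymous", "Deny", method_arn)


def customers_handler(event, context=None):
    """Backend behind GET /customers (Lambda proxy integration)."""
    authorizer_ctx = (event.get("requestContext") or {}).get("authorizer") or {}
    caller = authorizer_ctx.get("user", "unknown")
    customers = [{"id": 1, "name": "Alice"}, {"id": 2, "name": "Bob"}]  # constructed
    return {
        "statusCode": 200,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"requested_by": caller, "customers": customers}),
    }


# Constructed REQUEST-authorizer events shaped like what API Gateway delivers.
_ARN = "arn:aws:execute-api:us-east-1:123456789012:a1b2c3d4e5/dev/GET/customers"
SAMPLE_GOOD_EVENT = {
    "type": "REQUEST",
    "methodArn": _ARN,
    "headers": {"X-Api-User": "demo-user", "X-Api-Token": "s3cr3t-demo-token"},
}
SAMPLE_BAD_EVENT = {
    "type": "REQUEST",
    "methodArn": _ARN,
    "headers": {"X-Api-User": "demo-user", "X-Api-Token": "wrong"},
}

if __name__ == "__main__":
    print(json.dumps(authorizer_handler(SAMPLE_GOOD_EVENT), indent=2))
    print(authorizer_handler(SAMPLE_BAD_EVENT)["policyDocument"]["Statement"][0]["Effect"])
```

Two points worth keeping in mind when wiring this up: the authorizer sees the headers the caller actually sent, so a plain browser visit (no X-Api-User / X-Api-Token) falls through to the Deny branch exactly as step 12 describes, and if you later turn authorization caching back on, the cache key is the identity source you configure, so the policy must be scoped to the methodArn as above rather than to a wildcard.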