Integrate an API with lambda - Part 2


Let us look at the configuration of the Method Request section.

The first setting is authorization. The default option is None. The provided option is AWS IAM, but we can also use custom authorization if we need such a feature. We can create an authorizer and add it to the section, as shown below.

Several options are available when creating an authorizer. The first choice is the type of authorizer, which can be either Lambda or Cognito. If we choose Lambda, we get a further set of options, starting with the name of the Lambda function. This Lambda function is responsible for validating the user and returning the necessary policy. API Gateway evaluates this policy, and the user is either allowed or denied access to the resource.

For Lambda-based authorization there are a couple of options: a token-based approach or a request-based approach.

In the token-based approach, the user is expected to provide a valid token, and this token is used for authentication/authorization. There is also a feature to validate the token format: even before the token is sent to the back-end Lambda for decrypting, AWS can check its format against a regular expression. This regex is provided in the Token Validation field.
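A minimal sketch of a token-type Lambda authorizer, added here as an illustration and not taken from the original post: it repeats the format check in code, verifies the token, and returns the Allow or Deny policy that API Gateway evaluates. The token scheme (`<principal>.<hex HMAC-SHA256>`), the `TOKEN_FORMAT` pattern, the signing key and the helper names are all assumptions made for the example.

```python
import hashlib
import hmac
import re

# Assumption: the same pattern that is entered in the Token Validation field.
TOKEN_FORMAT = re.compile(r"^[a-z0-9_-]{1,32}\.[0-9a-f]{64}$")
# Constructed demo key; a real function would load it from a secrets store.
SIGNING_KEY = b"demo-key-for-example-only"


def sign(principal: str) -> str:
    """Build a token of the hypothetical form '<principal>.<hex HMAC-SHA256>'."""
    mac = hmac.new(SIGNING_KEY, principal.encode(), hashlib.sha256).hexdigest()
    return f"{principal}.{mac}"


def verify(token: str):
    """Return the principal if the token is well formed and correctly signed, else None."""
    if not TOKEN_FORMAT.fullmatch(token):
        return None
    principal, mac = token.split(".", 1)
    expected = hmac.new(SIGNING_KEY, principal.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return principal if hmac.compare_digest(mac, expected) else None


def policy(principal: str, effect: str, resource: str) -> dict:
    """Authorizer response: a principal plus an IAM policy for execute-api:Invoke."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
            ],
        },
    }


def lambda_handler(event, context):
    """TOKEN authorizer entry point; the event carries authorizationToken and methodArn."""
    principal = verify(event.get("authorizationToken") or "")
    if principal is None:
        return policy("anonymous", "Deny", event["methodArn"])  # fail closed
    return policy(principal, "Allow", event["methodArn"])
```

Keeping the format check inside the function as well means a change to the regex in the console cannot silently widen what the function accepts.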

In the request-based approach, we can configure multiple tokens or fields that the user must provide for validation. The screenshot below shows the configuration with the Request option selected.


Once an authorizer is created, we can quickly test the configuration in the console. The screenshot below shows an authorizer created with the Token type.


If we go back to the resource method and refresh the page, the newly created Lambda-based custom authorizer is available. In our example we named the authorizer "custom", and that name shows up in the drop-down options.

In part 3 of this blog series we will look at request validation and other configurations.
