[go: up one dir, main page]
Scribd
Upload
207 views1 page

API Gateway Security

Lambda functions can be triggered by API Gateway to validate authentication tokens. API Gateway supports both authentication and authorization, allowing it to validate tokens with IAM or through a Lambda authorizer function. The API Gateway will then check permissions with IAM before proceeding with the request.

Uploaded by

abhi4wit
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
207 views1 page

API Gateway Security

Lambda functions can be triggered by API Gateway to validate authentication tokens. API Gateway supports both authentication and authorization, allowing it to validate tokens with IAM or through a Lambda authorizer function. The API Gateway will then check permissions with IAM before proceeding with the request.

Uploaded by

abhi4wit
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Lambda

EC2

LBS
OutsideVPC

Any AWS Service

Integrates with 3rd party HTTP


Endpoint

Lambda
Example Template Inside VPC

EC2
Swagger Download Creation

From the Scratch

Default TTL is 5 min to


max 1 hr

Quotas

Defined at a stage level

Throttle

0.5 to 237GB
Setting usage Plans
Cache Assign Stage

Able to Flush at a Lambda function is


method level called to validate the API Gateway will Supports both
Assign customer API When calling API send a
token in the header IAM Permission validate it with IAM and AUTHENTICATION and
Key SIG V4
can proceed AUTHORIZATION
With proper IAM rights,
clients can bypass it The token is sent with
enable If this service
using CACHE-CONTROL- the API
will be called from
MAXAGE=0 header
other domain
API Gateway Lambda Authorizer API Gateway Security
API Gateway will call Like OAuth
Lambda and then
CORS ACCESS-CONTROL-
proceed
ALLOW-METHODS Client calls Cognito User
Pools for Token
Once enabled OPTIONS Supports both
ACCESS-CONTROL-
will appear for each AUTHENTICATION and
ALLOW-ORIGIN Client then makes the
Filter method AUTHORIZATION
Cognito User Pools API call with the token

ACCESS-CONTROL-
Rename Params ALLOW-HEADERS API Gateway will
validate and proceed

Modify Request and Used to edit the request


Use Cases
repsonses or response Supports ONLY
Mapping Templates AUTHENTICATION
In other words they are
Can be edited at Uses Velocity Template
different deployment
Integration Request Language
regions like
and Integration
DEV,STAGE,PROD
response stage.

Stages
Stage Variables are like Used like convention
Logs
env variables over configuration

Metrics
Can be used to point to The value in available in
Stage Variables the right lambda ALIAS the Lambda Context
Monitoring - Available
or Version object
Xray at stage level

First Create a role in


Assign the ARN in the
IAM and provide access
API Gateway
to push logs

You might also like