How To Secure Your AWS API Gateway Using Cognito Authorizer

An API Gateway is an API management solution that interfaces between a client and some backend services. It is mostly a software service that acts as a single point of entry for client traffic into your backend services or microservices application.

S…


This content originally appeared on DEV Community and was authored by Kelvin Onuchukwu

An API Gateway is an API management solution that interfaces between a client and some backend services. It is mostly a software service that acts as a single point of entry for client traffic into your backend services or microservices application.

So an API Gateway essentially acts as a reverse proxy,accepting requests from clients, streamlining and trasnporting them to the appropirate services.

API Gateways help with the following:

  • Security: They provide authentication, authorization and encryption.
  • Monetization: It is an easy way of monetizing your applications by providing services only to auhthenticated, paying customers.
  • Traffic management: With API Gateways you can control traffic routing, data transformation, rate limiting load balancing and flexible deployment options.
  • Monitoring: They provide logging capabilities, with real time metrics. this can be enormously helpful during a downtime event.

AWS API Gateway is a fully managed Cloud-based API gateway solution that makes it easy to create, publish and manage APIs at scale.

For the most part, if you are using AWS API Gateway, you want a way to control access to your APIs. You want to implement authentication and access control. Probably for reasons related to monetization or simply protecting your APIs from abuse.
No matter what your reasons are for wanting to protect your APIs, AWS provides two broad methods for securing access to your API Gateway - Cognito authorizer and Lambda authorizer.

An authorizer is nothing more than a validation mechanism to check if the user making the API calls have the necessary permissions to so. A request to the API gateway is first directed to the authorizer for validations before making its way to the backend services - if approved.

Cognito Authorizer

This is an authorisation mechanism supported by AWS Cognito user pools.

Let's practicalze this.

Here, I am in the API gateway Console. I am creating a resource called users and a GET method for my resource.
API Gateway

I have also created a basic Node.js Lambda function with the following code:

export const handler = async(event) => {

    console.log('event', event)
    const response = {
        statusCode: 200,
        body: JSON.stringify('Testing Lambda from API Gateway'),
    };
    return response;
};

This is the Lambda function I am using for the GET method.
Now my console looks like this:
API Gateway console

When I click on Test, I can see clearly that everything works great.
API Gateway console

To get a URL endpoint, I am going to deploy the API. You do this by clicking on the GET method and selecting Deploy API from the Actions tab.

API Gateway
When I copy the URL and paste into a browser, I can clearly see that everything works great.

Now here is the problem. As it is, anybody who has the URL can access my Lambda function. What I want to do is to create an authentication mechanism such that only authorized users are allowed access.

I am going to click on the authorizers tab and create a new authorizer.
Image description
As you can see, there are two authroizers to choose from - lambda or Cognito, here I am selecting Cognito Authorizer.

To proceed, I will enter my user pool name. You can create your own user pool. Any user pool will do.
Image description

I will then click on "create".

Now we need to integrate this authorizer with our gateway.
Click on the Resources and go to the GET method. Click on the "Method Request". Select the authorizer that you just created.
It should look like this:
Image description

Now because we've made changes to the method, we must redeploy our API. So, click on "resources", click on the GET method and under the "Actions" tab, select Deploy API.

Here is the URL
Image description
But you notice that when you visit this URL now, what you get is "{"message":"Unauthorized"}".

So any person trying to access our API gateway from now on must be an authorized user - having been authorized by the Cognito authorizer using our selected user pool.

To fully test this out, use Insomnia or Postman.
By providing the Token Source (which we added while creating the authorizer) and the access token (which you can get from the URL in the Cognito Hosted UI), we get a response from our Lambda function.

I hope this helps you as you continue your sojourn into the Cloud.
Happy Clouding!!!


This content originally appeared on DEV Community and was authored by Kelvin Onuchukwu


Print Share Comment Cite Upload Translate Updates
APA

Kelvin Onuchukwu | Sciencx (2023-06-06T17:46:59+00:00) How To Secure Your AWS API Gateway Using Cognito Authorizer. Retrieved from https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/

MLA
" » How To Secure Your AWS API Gateway Using Cognito Authorizer." Kelvin Onuchukwu | Sciencx - Tuesday June 6, 2023, https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/
HARVARD
Kelvin Onuchukwu | Sciencx Tuesday June 6, 2023 » How To Secure Your AWS API Gateway Using Cognito Authorizer., viewed ,<https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/>
VANCOUVER
Kelvin Onuchukwu | Sciencx - » How To Secure Your AWS API Gateway Using Cognito Authorizer. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/
CHICAGO
" » How To Secure Your AWS API Gateway Using Cognito Authorizer." Kelvin Onuchukwu | Sciencx - Accessed . https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/
IEEE
" » How To Secure Your AWS API Gateway Using Cognito Authorizer." Kelvin Onuchukwu | Sciencx [Online]. Available: https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/. [Accessed: ]
rf:citation
» How To Secure Your AWS API Gateway Using Cognito Authorizer | Kelvin Onuchukwu | Sciencx | https://www.scien.cx/2023/06/06/how-to-secure-your-aws-api-gateway-using-cognito-authorizer/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.