BAD_SEED

Reputation: 5066

Amazon API Gateway authorization AWS_IAM

What does AWS_IAM mean as the Authorization model in Amazon API Gateway?


If I test the Lambda inside the AWS console it works and prints "Hello World", but if I use the endpoint URL and open it in another browser tab it says {"message":"Missing Authentication Token"}. How can I get this authentication token?

Upvotes: 16

Views: 23904

Answers (3)

Kartik Tushir

Reputation: 309

To get the authentication token for cross-account permission, I will assume that you have a role to assume; otherwise you can view this tutorial on how it works and how to get one.

In the tutorial above you can see an assume-role step, which has this command:

aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/example-role" --role-session-name AWSCLI-Session

The response of this command will be similar to:

{
    "AssumedRoleUser": {
        "AssumedRoleId": "asdfa:AWSCLI-Session",
        "Arn": "something"
    },
    "Credentials": {
        "SecretAccessKey": "key",
        "SessionToken": "token",
        "AccessKeyId": "key"
    }
}

As shown in @jaccus's answer, you can use the following values and send the request via Postman:

  • SecretAccessKey
  • SessionToken
  • AccessKeyId

Upvotes: 0

Jacek M

Reputation: 2418

Create a new IAM user

Go to AWS IAM and create a new user with programmatic access for accessing your API Gateway. Then attach a policy with enough permissions (AmazonAPIGatewayInvokeFullAccess) to the user/group to be able to access your API Gateway endpoint. Once you get through all the steps, you will be presented with a key/secret for your new user.

Make an API request with AWS Signature using Postman

Now, to simplify things, install Postman and then use the Authorization tab in your request page, to select AWS Signature:

Postman-AWS-Signature

Fill in AccessKey / SecretKey for your new user, AWS Region in which you operate (e.g., us-west-1) and click the Update Request button. At that point Postman will fill in the necessary Headers for your request and you can make authorized requests to your API Gateway.

Upvotes: 19

Bob Kinney

Reputation: 9030

Repeating my answer from our forums:

AWS_IAM authentication means you must sign requests using AWS Signature Version 4 and AWS credentials. More details on Signature Version 4 here.

You may want to look at a tool like Postman to generate signatures for testing.

Upvotes: 9
