How do I use AWS cognito response to authenticate API requests

Question

I am building a web app that authenticates via AWS Cognito, and uses an existing API gateway configuration to talk to Lambda functions.

In my app, when I authenticate, I get the following data back from Cognito:

The sample headers I've been given to authenticate to the Amazon API gateway look like this (x's added for obfuscation):

Content-type: application/json
Host: <API Gateway host>
X-Amz-DateL <Date>
Authorization:
AWS4-HMAC-SHA256 Credential=XXXXXXXXXXXX/20170222/ap-southeast-2/execute-api/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=f25e2a18d8c81fe9e7XXXXXXXXXXXXXXXXb7d586d24a3e39
Access_key:XXXXXXXX (this is a large string)

My question is what information do I need from my cognito result to craft the headers that I need to connect to the api?

I'm using Vue.js as a Javascript front end, and I've looked at the AWS SDK for Javascript but not sure if that helps me - for the moment I feel crafting the headers manually may be easier?

Answer 1

I believe what you're trying to do is authorize your already authenticated users. Explanation of the difference between authorization and authentication can be found here

In the case of authorization, you can create a Custom Authorizer. However, since you're using Amazon Cognito, be sure to create a Cognito User Pool Authorizer

Essentially, you'll use the IdToken from Cognito and pass it as the Authorization header to your authorizer function.

See also Integrating Amazon Cognito User Pools with API Gateway