Reputation: 973
AWS API Gateway Method Authorization
I have domain with aws example.com, currently I have record set so that when user goes to example.com, it serves static website from S3 (done with angular) and backend api (Lambda and API gate way). And I don't have sign in process, as the purpose of site is public facing.
I can use apikey on method to authorize the http call, but I still have to save it in js code somewhere, which I don;t want to do. And I am not sure how IAM role can help me in this scenario.
Is there any way I can let api allow calls from specific domain ?
Upvotes: 0
Views: 511
Answers (2)
Reputation: 66
There are a few ways to skin this cat.
The least painful way is likely to be using AWS Signature V4-- unfortunately, there's no great answer for a site that doesn't have an auth system built in already. Someday they'll let us park API Gateways inside of VPCs, but that day isn't today.
Upvotes: 0
Reputation: 1058
You can use IAM Role defined for Unauthenticated user in AWS Cognito Federated Identities. The AWS document will guide through the process assigning IAM Role to the Unauthenticated user.
Then you can enable "AWS_IAM" Authorizer option in the API Gateway for any specific API's resources.
This question has similar approach in implementing the IAM Role - based to access API, in which the implementation is using External Federated Identities (Google) instead of unauthenticated user identities.
Upvotes: 1
Related Questions
- AWS ApiGatewayV2 HTTP API with custom authorization lambda
- authorization for API gateway
- Using AWS Lambda Authorizer in API Gateway
- AWS API Gateway with Angular
- Call Authorized Api Gateway endpoint from AWS Lambda function
- Authorization using Api gateway and Lambda
- How to authenticate with API Gateway?
- CORS AWS API-Gateway with Authentication Angular2
- Authorize AWS API Gateway by a Lambda
- AWS API Gateway security