SuicideSheep
Reputation: 5550
How to restrict access from invoking API URL?
As shown above one of my lambda function HelloCloudGurus which trigger by API gateway and it can be triggered by the API link as below:
https://APIServiceID.execute-api.ap-southeast-1.amazonaws.com/prod/HelloCloudGurus
When I click on the link it shows that I can still access the link despite the Authorization has been set to AWS_IAM?
How to configure it so that it will validate signature on request and return me something like below?
{"message":"Missing Authentication Token"}
Upvotes: 0
Views: 362
Answers (1)
Vijayanath Viswanathan
Reputation: 8541
Please use Cognito. You can still acheive it by API Gateway Custom Authorizer but Cognito is the right candidate for security. Have a read on below AWS documentation for custom authorizer,
http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html
Upvotes: 2
Related Questions
- How can I deny public access to an AWS API gateway?
- Restrict aws api access to a particular ip
- Only allow Lambda functions to call API Gateway
- How can I deny all users except one to invoke API in AWS API Gateway
- How to protect AWS API gateway URL from unauthorized access?
- Limit access to lambda or api gateway to a specific vpc
- Limiting Access to API Gateway (and AWS Lambda) in a package
- How to control access to AWS API Gateway Endpoint
- AWS API Gateway security
- How can I allow limited access to API created in aws API gateway?