How can i implementation RBAC in Aws Cognito with Amazon Cognito Identity Js

Question

How can i implement RBAC in Aws Cognito for AWS Api gateway.

This my example authorization in my AWS Api Gateway

This example my lambda function to connect with aws cognito with nodejs.

 var mysql = require("mysql");
const uuidv4 = require("uuid/v4");



exports.endSession = (event, context, callback) => {
  context.callbackWaitsForEmptyEventLoop = false;
  const updateSession = () =>
    new Promise((resolve, reject) => {

      pool.query(
        `UPDATE sessions SET end_time = CURRENT_TIMESTAMP() WHERE sessions.uuid = '${
        event.uuid
        }'`,
        (err, res, field) => {
          if (err) {
            reject(err);
          }
          resolve(res);
        }
      );
    });


  updateSession()
    .then(() => {
      const resp = {
        status: "success",
        data: {
          message: "Successfully end session"
        }
      };

      callback(null, resp);
    })
    .catch(err => {
      callback(null, err);
    });
};

Answer 1

One method could be to apply custom authorizer function on Api Gateway to filter out unnecessary traffic after verification with you Database.

This is how Custom authorizer function works

1. User tries to access the api
2. Api gateway intercepts user's request
3. here CustomAuthorizer function comes in play, you can validate the JWT tocken, validate his role etc any custom logic you want to apply for that user.

Following is the link for custom authorizer https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html