Custom Authorizer


Amazon API Gateway can leverage an AWS Lambda function to make authorization decisions.

In order to support bearer tokens, such as JWTs, you can use custom authorizers. When configured with a custom authorizer, API Gateway invokes a Lambda function with the request token and context. The Lambda custom authorizer must return a policy that API Gateway can use to make the authorization decision for the entire API, not just the specific method that was called.

You can also return a set of key/value pairs that are appended to the request context values.

The code for our custom authorizer is in the ListUnicornAuthorizer folder. Open the folder and take a look at the index.js file to get an idea of how our custom authorizer works.

To authorize access to our new list rides API we rely on a custom scope called UnicornManager/unicorn. This scope is automatically added to client tokens produced by the Unicorn Manager application.
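The following is an added example of what such a custom (token) authorizer does, not the workshop's own ListUnicornAuthorizer code. It extracts the bearer token, verifies the JWT, checks that the UnicornManager/unicorn scope is present, and returns the IAM policy document plus context values that API Gateway appends to the request. To stay dependency-free it verifies an HS256 signature with the standard library; real Cognito user pool tokens are RS256-signed and must be verified against the pool's JWKS with a JWT library, but the claim checks (issuer derived from USER_POOL_ID, expiry, token_use, scope) are the same. The secret, pool id and method ARN values are constructed for the example.

```python
"""Hypothetical API Gateway Lambda token authorizer (added example).

Assumptions not taken from the original page:
  - tokens are HS256 JWTs signed with DEMO_SECRET (a stand-in for Cognito's
    RS256 + JWKS verification, which needs a JWT library);
  - USER_POOL_ID defaults to a constructed value when the env var is unset.
"""
import base64
import hashlib
import hmac
import json
import os
import time

REQUIRED_SCOPE = "UnicornManager/unicorn"
# In the deployed function this comes from the USER_POOL_ID environment variable.
USER_POOL_ID = os.environ.get("USER_POOL_ID", "us-east-1_EXAMPLE")  # constructed default
REGION = USER_POOL_ID.rsplit("_", 1)[0]
EXPECTED_ISSUER = "https://cognito-idp.%s.amazonaws.com/%s" % (REGION, USER_POOL_ID)
DEMO_SECRET = b"constructed-demo-secret"  # constructed, for the HS256 stand-in only


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Return the claims of a valid token or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never let the token's own header choose (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, ("%s.%s" % (header_b64, payload_b64)).encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("token_use") != "access":
        raise ValueError("not an access token")
    return claims


def make_policy(principal_id: str, effect: str, resource: str, context=None) -> dict:
    """Build the response shape API Gateway expects from a custom authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect,
                           "Resource": resource}],
        },
        # Key/value pairs here are appended to the request context.
        "context": context or {},
    }


def lambda_handler(event, context=None, now=None) -> dict:
    auth = event.get("authorizationToken", "")
    method_arn = event["methodArn"]
    # methodArn is arn:...:apiId/stage/METHOD/path; the policy is cached and
    # applied to the whole API, so grant or deny at the stage level.
    arn_parts = method_arn.split("/")
    api_resource = "/".join(arn_parts[:2]) + "/*"
    if not auth.lower().startswith("bearer "):
        raise Exception("Unauthorized")  # API Gateway turns this message into a 401
    try:
        claims = verify_jwt(auth[7:].strip(), DEMO_SECRET, now=now)
    except ValueError:
        raise Exception("Unauthorized")
    scopes = claims.get("scope", "").split()
    principal = claims.get("sub", "anonymous")
    if REQUIRED_SCOPE not in scopes:
        return make_policy(principal, "Deny", api_resource)
    return make_policy(principal, "Allow", api_resource,
                       {"scope": claims["scope"],
                        "client_id": claims.get("client_id", "")})


def mint_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Constructed helper to produce an HS256 token for local testing."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, ("%s.%s" % (header, payload)).encode(), hashlib.sha256).digest()
    return "%s.%s.%s" % (header, payload, _b64url_encode(sig))
```

A valid token without the UnicornManager/unicorn scope gets an explicit Deny policy rather than an error, which API Gateway reports as 403; a missing, tampered or expired token raises "Unauthorized", which becomes a 401. Because API Gateway caches the returned policy per token, the resource is widened to the stage so the cached decision is correct for every method in the API.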

Step 1: Download ListUnicornAuthorizer.zip


Step 2: Go to AWS Lambda Console

Step 3: Choose Create Function

Step 4: Click the Author from scratch button at the top of the blueprint list

Step 5: Enter ListUnicornAuthorizer in the Name field

Step 6: Choose WildRydesLambda as the existing role

Step 7: Select Python 3.8 for the Runtime

You need to attach the DynamoDBRead policy to this role; go back to Attach Policy for detailed instructions.


Step 8: Click Create Function

Step 9: Change the Code Entry type to Upload a .ZIP file


Step 10: Click the Upload button and select the ListUnicornAuthorizer.zip file in the current module folder.


Step 11: Expand the Environment variables section and declare a new variable called USER_POOL_ID.

The value for the variable is the Pool Id of the WildRydes user pool; you can find it in the Cognito console.
