Adding Custom Authorizer In AWS API Gateway

Posted By : Ankit Uniyal | 30-Apr-2018

In this blog, we discuss custom authorizers (now called Lambda authorizers) in AWS API Gateway with Lambda proxy integration. A custom authorizer lets API Gateway hand the caller's Bearer token to a Lambda function you write; that function decides whether the request may reach your backend and tells API Gateway by returning an IAM policy.

Below are the steps to enable a custom authorizer in AWS API Gateway:

1. Open your API in the API Gateway console and go to the 'Authorizers' tab, which can be seen on the left side.
2. Click 'Create New Authorizer', give the authorizer a name, choose the 'Token' event payload type, and fill in the other details (the token source header, an optional token validation expression, and whether to cache results).
3. Enter the Lambda ARN of your authorizer function and the ARN of an IAM role that API Gateway may assume to invoke it (the 'Lambda Invoke Role'). This post reuses the Lambda execution role for that purpose; note that doing so lets API Gateway assume a role with all of your function's permissions, so a dedicated, narrowly scoped invoke role is the better choice.
4. Before that, you need to add some configuration to that IAM role. First, go to the IAM console.
5. Select the role, open the 'Trust Relationships' tab, click 'Edit trust relationship', and add API Gateway as a trusted service alongside Lambda using the policy below. Without this, API Gateway cannot assume the role and every call to the authorizer fails.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {
            "Service": [
                "apigateway.amazonaws.com",
                "lambda.amazonaws.com"
            ]
        },
        "Action": "sts:AssumeRole"
    }]
}     
        

6. Next, attach an IAM policy to the same role that allows API Gateway to invoke the authorizer Lambda function. The policy below grants lambda:InvokeFunction on "Resource": "*"; in practice restrict the resource to the ARN of the authorizer function so the role cannot invoke any other function in the account:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "lambda:InvokeFunction",
        "Resource": "*"
    }]
}     
        

7. Now create the Lambda authorizer function itself. It receives the caller's token and the method ARN and must return a valid IAM policy to API Gateway; its ARN is the value you enter when creating the custom authorizer in step 3.

8. Go to the Lambda console and create a new function; the 'api-gateway-authorizer' blueprint is a good starting point.

9. The function returns the policy via the callback. An Allow policy lets API Gateway invoke your original Lambda function, which is integrated via Lambda proxy integration; a Deny policy rejects the request with 403, and calling back with the string 'Unauthorized' rejects it with 401.

10. A minimal authorizer function looks like the one below. Note that it only logs its input and then allows every caller; real token validation still has to be added where indicated:

module.exports.authorize = function(event, context, callback) {
    console.log("event:", JSON.stringify(event));
    console.log("context:", JSON.stringify(context));
    console.log('Client token: ' + event.authorizationToken);
    console.log('Method ARN: ' + event.methodArn);
    // Skeleton only: it allows every caller. Validate event.authorizationToken
    // here and, on failure, call callback('Unauthorized') or return a Deny
    // policy instead of falling through to the Allow below.
    callback(null, {
        "principalId": "22",
        "policyDocument": {
            // The policy language version is fixed; any value other than
            // "2012-10-17" is rejected by API Gateway.
            "Version": "2012-10-17",
            "Statement": [{
                "Sid": "Stmt1459758003012",
                "Effect": "Allow",
                "Action": [
                    "execute-api:Invoke"
                ],
                // Scope the grant to the method being invoked rather than
                // "arn:aws:execute-api:*", which would allow every API in
                // every account.
                "Resource": [
                    event.methodArn
                ]
            }]
        }
    });
}
        


11. When a client calls your API, API Gateway first invokes the authorizer function with the value of the Authorization header. The event object looks like this (the last part of methodArn is the HTTP method and resource path of the call):

{
    "type": "TOKEN",
    "methodArn": "arn:aws:execute-api:eu-west-2:'your_account-number':xxxxxxxxxx/stage/GET/your_lambda_function_name",
    "authorizationToken": "Bearer xxxxxx"
}   
        


12. If you set a token validation expression when creating the authorizer, API Gateway only invokes the Lambda authorizer when the Authorization header value matches that regular expression; otherwise it returns 401 without invoking it.

13. The authorizer function then runs, validates the token, and returns an Allow or Deny policy.

14. Only when the returned policy allows execute-api:Invoke on the requested method ARN is your original integrated Lambda function triggered to perform the operation. If result caching is enabled, the returned policy is cached for the configured TTL and reused for every request carrying the same token, so a policy scoped to a single method ARN would be applied to other methods too; in that case return a policy covering every method that token may call.


Thanks

About Author

Ankit Uniyal

Ankit has knowledge of JavaScript, NodeJS, AngularJS and MongoDB, and also has experience using AWS services.
