We have an existing application and we are developing the new APIs required for our application in AWS.
We want to enable role-based access control to our AWS API without migrating our users to AWS Cognito. We think we might need to use Developer Identity Provider and IAM Roles, but we are not sure how the users from our application will be attached to IAM Roles. Any help in this direction would be appreciated.
Thanks in advance.
Note: I am new to AWS.
I think you should have a look at API Gateway Custom Authorizers.
This way you can plug your already existing authorization system into the API Gateway. I wouldn't use IAM roles as long as you are not sharing AWS resources directly with your users.
If you are only using role-based access controls for your application, using existing application roles is absolutely fine. You just need to make them accessible, so the custom authorizer Lambda can validate the authorization against it.
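A sketch of the custom authorizer approach from the answer above, added here as an example and not code from either poster: a Lambda TOKEN authorizer that verifies a token issued by the existing application and turns its role into an `execute-api:Invoke` policy. The token format, `SECRET`, `ROLE_ROUTES` and the `sign` helper are assumptions standing in for the existing system; the event fields and response shape are the ones API Gateway uses.

```python
import base64, hashlib, hmac, json, time

# Assumption: the existing application signs its tokens with this shared secret.
# In a deployed Lambda, load it from a secret store instead of source code.
SECRET = b"constructed-demo-secret"

# Hypothetical mapping from existing application roles to API routes (VERB/path).
ROLE_ROUTES = {
    "admin": ["*/*"],
    "viewer": ["GET/reports", "GET/reports/*"],
}

def sign(payload: dict) -> str:
    """Stand-in for the existing application's token issuer (constructed format)."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def verify(token: str) -> dict:
    """Return the claims if signature and expiry are valid, else raise."""
    body, _, mac = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Check the signature before parsing anything the caller controls.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise Exception("Unauthorized")  # API Gateway turns this message into a 401
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims.get("exp", 0) < time.time():
        raise Exception("Unauthorized")
    return claims

def handler(event, context):
    """Lambda TOKEN authorizer entry point."""
    claims = verify(event.get("authorizationToken", "").removeprefix("Bearer "))
    # methodArn: arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<VERB>/<path>
    api_prefix = "/".join(event["methodArn"].split("/")[:2])
    routes = ROLE_ROUTES.get(claims.get("role"), [])
    statement = {
        "Action": "execute-api:Invoke",
        # A role with no mapped routes gets an explicit deny on the whole stage.
        "Effect": "Allow" if routes else "Deny",
        "Resource": [f"{api_prefix}/{r}" for r in (routes or ["*/*"])],
    }
    return {
        "principalId": claims["sub"],
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
        "context": {"role": str(claims.get("role"))},
    }
```

The policy lists every route the role may call rather than only the requested `methodArn`, because API Gateway can cache the returned policy per token and reuse it for later requests to other methods.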