In a sample AWS serverless architecture, there would be S3 hosting a static website, calling API Gateway endpoints via JavaScript, which in turn invokes Lambda functions.
How to authenticate against the AWS API Gateway without making the credentials public by storing them in publicly accessible JavaScript source served from S3?
(Not asking about backend credentials; these are easily stored (and encrypted) in environment variables accessible to the Lambda functions.)
API Gateway sets the s3-host-name and passes the client specified bucket and key from the client to Amazon S3. (Optional) In Path override type /. Copy the previously created IAM role's ARN (from the IAM console) and paste it into Execution role. Leave any other settings as default.
API Gateway supports containerized and serverless workloads, as well as web applications.
A Lambda integration maps a path and HTTP method combination to a Lambda function. You can configure API Gateway to pass the body of the HTTP request as-is (custom integration), or to encapsulate the request body in a document that includes all of the request information including headers, resource, path, and method.
Your users would typically authenticate using Cognito or some other auth backend, exchanging their credentials for a JWT token or equivalent that is used to authenticate to API Gateway. Here's an example of the steps involved.
It's also possible to support unauthenticated users with Cognito.
If there are situations in which you need API Gateway calls to be made without authentication, then see this response.
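The server-side half of the token exchange described in the answer, as an added example that is not part of the original thread: the checks a custom authorizer would run on a Cognito-style RS256 access token, which is why the S3-hosted JavaScript only ever holds public identifiers and a short-lived token. It assumes Node.js; the issuer, client id, key id and the locally generated key pair standing in for the user pool's published keys are all constructed.

```javascript
// Added example: validating a Cognito-style access token before invoking the backend.
const nodeCrypto = require("node:crypto");

const ISSUER = "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE"; // placeholder pool
const CLIENT_ID = "example-app-client-id"; // public value, fine to ship in the S3-hosted JavaScript
const decode = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Server-side check of a bearer token. Returns the claims or throws with the rejection reason.
function verifyJwt(token, keysByKid, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  const header = decode(head);
  // Pin the algorithm; the token must not choose how it is verified.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = keysByKid.get(header.kid);
  if (!key) throw new Error("unknown kid");
  const signed = Buffer.from(`${head}.${body}`);
  if (!nodeCrypto.verify("RSA-SHA256", signed, key, Buffer.from(sig, "base64url"))) throw new Error("bad signature");
  const claims = decode(body);
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  if (claims.token_use !== "access") throw new Error("not an access token");
  if (claims.client_id !== CLIENT_ID) throw new Error("wrong client");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed stand-in for the identity provider, so the example runs offline.
function mintToken(claims, privateKey, kid, alg = "RS256") {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  const unsigned = `${enc({ alg, kid, typ: "JWT" })}.${enc(claims)}`;
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(unsigned), privateKey);
  return `${unsigned}.${sig.toString("base64url")}`;
}

// Runs one token through verifyJwt and reports "accepted" or the reason it was refused.
function outcome(token, keysByKid, now) {
  try { verifyJwt(token, keysByKid, now); return "accepted"; } catch (e) { return e.message; }
}

// Constructed fixtures: one key pair for the pool, one for an unrelated signer.
const pool = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const other = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const keys = new Map([["kid-1", pool.publicKey]]);
const NOW = 1700000000;
const goodClaims = { iss: ISSUER, client_id: CLIENT_ID, token_use: "access", sub: "user-123", exp: NOW + 3600 };
console.log(outcome(mintToken(goodClaims, pool.privateKey, "kid-1"), keys, NOW));
console.log(outcome(mintToken(goodClaims, other.privateKey, "kid-1"), keys, NOW));
console.log(outcome(mintToken({ ...goodClaims, exp: NOW - 1 }, pool.privateKey, "kid-1"), keys, NOW));
```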