Authenticate app to AWS API Gateway with Cognito

The following is my use case:

I am developing an Android app. I am trying to use AWS API Gateway with a Lambda function behind it, but even before I log in I want to secure the HTTP calls and authenticate my application. For that I am planning to use Cognito with API Gateway. So first my call will go to Cognito, which will authenticate the application (not the user), and then my call will go to any Lambda function. I want to include all of this in the SDK of API Gateway.

Ques 1 - Is it even possible to do it this way? (Please refer me to some documentation or code.)

Ques 2 - Is it recommended, or is there a better way to do it?

Answers 1

  • Yes, this is possible and I think it is the correct way to do it. You can use the Android SDK to make the call to Cognito and authenticate. In Cognito you can configure the temporary IAM account that is returned to have a specific role; this role should only have rights to call the API Gateway. Then your client can use these temporary IAM credentials to make calls to the API Gateway using the generated Android SDK (you can generate it from the API Gateway console after deploying your API). You have to configure your API endpoints in API Gateway to be secured by IAM, and make sure to create OPTIONS methods on your resources if you need cross-domain CORS support.
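
The role setup described in the answer above, written as a CloudFormation fragment. This is an added example, not part of the original answer; it assumes the app obtains credentials as an unauthenticated (guest) identity from a Cognito identity pool, and the parameter and resource names (`IdentityPoolId`, `RestApiId`, `StageName`, `AppInvokeRole`, `PoolRoles`) are placeholders chosen for illustration.

```yaml
# Added example: least-privilege role for Cognito guest identities.
# Parameter values are placeholders supplied at deploy time.
Parameters:
  IdentityPoolId:
    Type: String   # ID of the existing Cognito identity pool (placeholder)
  RestApiId:
    Type: String   # ID of the deployed API Gateway REST API (placeholder)
  StageName:
    Type: String
    Default: prod  # assumed stage name

Resources:
  AppInvokeRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only identities issued by this pool, and only
      # unauthenticated ones, may assume the role.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Federated: cognito-identity.amazonaws.com
            Action: sts:AssumeRoleWithWebIdentity
            Condition:
              StringEquals:
                "cognito-identity.amazonaws.com:aud": !Ref IdentityPoolId
              "ForAnyValue:StringLike":
                "cognito-identity.amazonaws.com:amr": unauthenticated
      # Permissions policy: the temporary credentials can invoke this one
      # API stage and nothing else. Narrow the trailing /*/* (METHOD/path)
      # further if guests should reach only some routes.
      Policies:
        - PolicyName: invoke-api-only
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: execute-api:Invoke
                Resource: !Sub "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApiId}/${StageName}/*/*"

  # Attach the role to the pool's unauthenticated identities.
  PoolRoles:
    Type: AWS::Cognito::IdentityPoolRoleAttachment
    Properties:
      IdentityPoolId: !Ref IdentityPoolId
      Roles:
        unauthenticated: !GetAtt AppInvokeRole.Arn
```

Guest credentials are issued to any client that presents the identity pool ID, so the permissions policy on this role is the effective limit on what a pre-login caller can do.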

