0 votes
in AWS by (12.9k points)

AWS has an API Gateway that makes it pretty easy to set up, manage and monitor your API. However, the security authorization settings that you can set for resource methods are limited to AWS-IAM (which to my understanding is an internal VPN role?).

It seems that my research on this subject has been pointing me to setting up an AWS Cognito pool, but when I go to configure one in my AWS console, the options for providers are: Amazon, Facebook, Google+, Twitter, OpenID, and Custom. I guess, in that case, I would use Custom? Then set up my own EC2 instance as an OAuth2 Authentication Provider Server.

Given that OAuth2 is so popular these days it surprises me that there isn't an AWS service for this; it seems they've gone the whole OpenID or SAML route instead. It also surprises me that there is a lack of guides on how to quickly set up an OAuth2 Provider in the cloud.

Any help would be appreciated.

1 Answer

0 votes
by (18.2k points)

Amazon's API Gateway now supports Amazon Cognito OAuth2 Scopes: https://aws.amazon.com/about-aws/whats-new/2017/12/amazon-api-gateway-supports-amazon-cognito-oauth2-scopes/

You can create an Amazon Cognito user pool authorizer and then configure it as your Authorisation method in API Gateway. To use OAuth scopes, you will need to configure a resource server and custom scopes with the Cognito user pool that you created.

On the basis of the scope received in the access token, API Gateway will allow or deny the caller of your API.
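To make the authorization decision in the answer concrete, here is an added Python example (not code from the post or from AWS) that mirrors the checks a Cognito user pool authorizer applies when scopes are configured on a method: the bearer token must be an unexpired access token (not an ID token, which carries no scope claim) issued by the configured user pool for the configured app client, and its space-separated `scope` claim must contain at least one of the method's authorization scopes. The user pool issuer URL, app client id, the `orders/read` and `orders/write` scope names and all sample tokens are constructed placeholders; the tokens are unsigned because signature verification against the pool's JWKS is assumed to have already been performed by API Gateway and is deliberately outside this snippet.

```python
import base64
import json
import time
from typing import List, Optional, Tuple

# Constructed placeholders for this example; substitute your own pool and app client.
USER_POOL_ISS = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
APP_CLIENT_ID = "exampleclientid123"
NOW = 1_700_000_000  # fixed clock so the sample decisions are deterministic


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(claims: dict) -> str:
    """Build a JWT-shaped string for the demo. The signature segment is a
    placeholder: real Cognito tokens are RS256-signed and must be verified
    against the user pool JWKS before any claim below is trusted."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": "placeholder"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def payload_claims(token: str) -> dict:
    """Parse the claims segment only; signature verification is assumed done upstream."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    return json.loads(_b64url_decode(parts[1]))


def check_access_token(claims: dict, now: Optional[float] = None) -> Optional[str]:
    """Return None when the claims describe a valid access token for this pool
    and client; otherwise a short reason for denial."""
    now = time.time() if now is None else now
    if claims.get("token_use") != "access":
        return "not an access token (ID tokens carry no scope claim)"
    if claims.get("iss") != USER_POOL_ISS:
        return "issuer is not the configured user pool"
    if claims.get("client_id") != APP_CLIENT_ID:
        return "client_id does not match the app client"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "token expired or missing exp"
    return None


def scopes_allow(token_scope: str, method_scopes: List[str]) -> bool:
    """With scopes configured on the method, the call is allowed when the
    token's space-separated scope claim contains at least one of them.
    A method with no configured scopes falls back to token validity alone."""
    if not method_scopes:
        return True
    granted = set(token_scope.split())
    return any(s in granted for s in method_scopes)


def authorize(token: str, method_scopes: List[str], now: Optional[float] = None) -> Tuple[str, str]:
    """Allow/Deny decision for one method call plus the reason."""
    try:
        claims = payload_claims(token)
    except ValueError:  # covers malformed base64 and JSON as well
        return "Deny", "unparseable token"
    reason = check_access_token(claims, now)
    if reason:
        return "Deny", reason
    if not scopes_allow(claims.get("scope", ""), method_scopes):
        return "Deny", f"token scopes do not include any of {method_scopes}"
    return "Allow", "scope matched"


# Constructed sample tokens (resource server identifier "orders" with two custom scopes).
READ_TOKEN = make_unsigned_token({"token_use": "access", "iss": USER_POOL_ISS,
                                  "client_id": APP_CLIENT_ID, "exp": NOW + 3600,
                                  "scope": "orders/read"})
ID_TOKEN = make_unsigned_token({"token_use": "id", "iss": USER_POOL_ISS,
                                "aud": APP_CLIENT_ID, "exp": NOW + 3600})
EXPIRED_TOKEN = make_unsigned_token({"token_use": "access", "iss": USER_POOL_ISS,
                                     "client_id": APP_CLIENT_ID, "exp": NOW - 1,
                                     "scope": "orders/read orders/write"})

if __name__ == "__main__":
    for name, tok, scopes in [("GET /orders, read token", READ_TOKEN, ["orders/read", "orders/write"]),
                              ("POST /orders, read token", READ_TOKEN, ["orders/write"]),
                              ("GET /orders, ID token", ID_TOKEN, ["orders/read"]),
                              ("GET /orders, expired token", EXPIRED_TOKEN, ["orders/read"])]:
        print(f"{name}: {authorize(tok, scopes, now=NOW)}")
```

The two behaviours worth remembering from the `authorize` function are that an ID token is rejected outright once scopes are configured on the method, and that a token is accepted as soon as any one of the method's scopes appears in its `scope` claim, so a method that should require write access must list only `orders/write` rather than both scopes.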
