Secure your API Gateway with Lambda Authorizer | Step by Step AWS Tutorial

Using AWS API Gateway and Lambda based authorizers, we can secure our API Gateway REST endpoint. Learn how to do it in this step by step tutorial.
Looking to get hands on experience building on AWS with a REAL project? Check out my course - The AWS Learning Accelerator! courses.beabet...
Interested in Authentication using Cognito instead? Check out • Secure your API Gatewa...
04:46 Creating an API Gateway Endpoint
07:04 Creating an AWS Lambda Function
09:10 Connecting API Gateway to Lambda
11:55 Creating a Lambda Authorizer for API Gateway
21:05 Testing our Authorizer
21:36 Connecting our Authorizer to our API Gateway Endpoint
🎉SUPPORT BE A BETTER DEV🎉
Become a Patron: / beabetterdev
📚 MY RECOMMENDED READING LIST FOR SOFTWARE DEVELOPERS📚
Clean Code - amzn.to/37T7xdP
Clean Architecture - amzn.to/3sCEGCe
Head First Design Patterns - amzn.to/37WXAMy
Domain Driver Design - amzn.to/3aWSW2W
Code Complete - amzn.to/3ksQDrB
The Pragmatic Programmer - amzn.to/3uH4kaQ
Algorithms - amzn.to/3syvyP5
Working Effectively with Legacy Code - amzn.to/3kvMza7
Refactoring - amzn.to/3r6FQ8U
🎙 MY RECORDING EQUIPMENT 🎙
Shure SM58 Microphone - amzn.to/3r5Hrf9
Behringer UM2 Audio Interface - amzn.to/2MuEllM
XLR Cable - amzn.to/3uGyZFx
Acoustic Sound Absorbing Foam Panels - amzn.to/3ktIrY6
Desk Microphone Mount - amzn.to/3qXMVIO
Logitech C920s Webcam - amzn.to/303zGu9
Fujilm XS10 Camera - amzn.to/3uGa30E
Fujifilm XF 35mm F2 Lens - amzn.to/3rentPe
Neewer 2 Piece Studio Lights - amzn.to/3uyoa8p
💻 MY DESKTOP EQUIPMENT 💻
Dell 34 inch Ultrawide Monitor - amzn.to/2NJwph6
Autonomous ErgoChair 2 - bit.ly/2YzomEm
Autonomous SmartDesk 2 Standing Desk - bit.ly/2YzomEm
MX Master 3 Productivity Mouse - amzn.to/3aYwKVZ
Das Keyboard Prime 13 MX Brown Mechanical- amzn.to/3uH6VBF
Veikk A15 Drawing Tablet - amzn.to/3uBRWsN
🌎 Find me here:
Twitter - / beabetterdevv
Instagram - / beabetterdevv
Patreon - Donations help fund additional content - / beabetterdev
Code: gist.github.co...
#APIGateway
#Lambda
#AWS

Пікірлер: 175

  • @Ricno2008
    @Ricno20083 жыл бұрын

    Greetings from São Paulo/Brazil my friend, congratulations for your incredible work.

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thank you! Cheers!

  • @rookhuang
    @rookhuang10 күн бұрын

    What a amazing tutorial. Thank you

  • @ADV-IT
    @ADV-IT5 ай бұрын

    Thanks, very clear explanation!

  • @tomascostantino5532
    @tomascostantino55322 ай бұрын

    Legend, I had my handler make requests to the auth service and not working, this is so handy. Thanks

  • @souadsadki1906
    @souadsadki19063 жыл бұрын

    Can't wait to see another interessting video, great content as always. Keep the good work !

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thank you very much!

  • @vighneshpp
    @vighneshpp3 жыл бұрын

    Awesome video. To the point and crystal clear. Thank you for making this video. Definitely going to recommend this channel to my peers!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thanks Vighnesh for the kind words and super glad you enjoyed!

  • @GameChameleonChannel

    @GameChameleonChannel

    2 жыл бұрын

    @@BeABetterDev hey boss, I follow your steps step by step, when I test the authorizer I get a "AuthorizerFailureException" error any clues why this would be?

  • @skularatna8136

    @skularatna8136

    9 ай бұрын

    @@BeABetterDev my devs are using a lambda function authoriser using auth0 for an api gateway but ever so often when a client tries to access an endpoint to do a PUT or POST method for example the token has already expired. Any ideas ?

  • @VishalRaoOnYouTube
    @VishalRaoOnYouTube3 жыл бұрын

    2:37 I think they make you return a relatively complex policy document (as a opposed to a simple "Allow"/"Deny") so that you can Allow/Deny for an array of resource ARNs.

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Vishal I think you're right, doing it this way gives a lot of flexibility to developers to produce some interesting experiences. Thanks for watching!

  • @ChronologieIV

    @ChronologieIV

    2 жыл бұрын

    You're right Vishal. In that way one could allow/deny an entire "tree" of related endpoints based on a role, for instance.

  • @pradeepmca
    @pradeepmca3 жыл бұрын

    Were exactly is policy document configured? How is the policy response format is validated? Based on Policy response from authorize, how does API gateway interpret to have the intelligence to allow or deny a request? These clarity on these to get full understanding of nicely explained video.

  • @markmishyn
    @markmishyn Жыл бұрын

    I'm so grateful! Without this crucial information about delay on 22:08 I was unable to attach my authorizer to a method.

  • @Disproportionableness
    @Disproportionableness10 ай бұрын

    The is exactly the foundation I needed to get started with gateway auth. Thank you thank you thank you thank you thank you.

  • @vijayyadav1002
    @vijayyadav10022 жыл бұрын

    Very helpful video. I had it done through cloudformation template and it worked. Keep up the good work.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Glad it helped Vijay!

  • @sudhirtataraju9853
    @sudhirtataraju98533 жыл бұрын

    Excellent Demo! Thankyou soo much sir

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    You're very welcome sudhir!

  • @chaitanyagupta4741
    @chaitanyagupta474111 ай бұрын

    What an amazing video. Clear and very well organized explanation . It worked like a charm for me. Thank you for your work!

  • @monzermasri4490
    @monzermasri44903 жыл бұрын

    what a clear explanation, great job

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thanks Mohamed! Glad you enjoyed and thanks for the support!

  • @brenoa.santos4493
    @brenoa.santos44933 жыл бұрын

    Great video! Thanks

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    You're very welcome Breno!

  • @NomadVlogs
    @NomadVlogs2 жыл бұрын

    Awesome video. To the point and crystal clear. Thank you for making this video.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    You're very welcome!

  • @dftwitch
    @dftwitch2 жыл бұрын

    wow thanks!, you saved me hours of time.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Glad I could help.

  • @baidya87
    @baidya872 жыл бұрын

    Thank you!! Very well explained.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Glad it was helpful!

  • @thamizhi6819
    @thamizhi68193 жыл бұрын

    Crystal Clear Bro

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thank you Thamizhi!

  • @MyLifeWithKai
    @MyLifeWithKai2 жыл бұрын

    This was really easy to follow! Thank you!

  • @BeABetterDev

    @BeABetterDev

    Жыл бұрын

    You're very welcome Neha!

  • @coderite6311
    @coderite63113 жыл бұрын

    Oh My this video is a life saver Thanks so much for this

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    You're very welcome!

  • @ibraheemalsaady3216
    @ibraheemalsaady3216 Жыл бұрын

    Great video, it helped me understand the flow. Thanks a lot

  • @tolulopeibiyode3104
    @tolulopeibiyode31042 жыл бұрын

    Your work is appreciated.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Thank you!

  • @vinodkotha9879
    @vinodkotha98792 жыл бұрын

    Your tutorials are great and helpful.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Thanks so much Vinod!

  • @DanielLpz1
    @DanielLpz19 ай бұрын

    Nice video, help me a lot !!

  • @ChronologieIV
    @ChronologieIV2 жыл бұрын

    Really clear and helpful. Thanks.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    You're very welcome!

  • @christopher5731
    @christopher57313 жыл бұрын

    Excellent video! Keep up the good work.

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thank you very much!

  • @Venturebits
    @Venturebits Жыл бұрын

    Thank you, Amazing Video

  • @BeABetterDev

    @BeABetterDev

    Жыл бұрын

    You’re very welcome!

  • @rueliotube
    @rueliotube2 жыл бұрын

    Awesome! I appreciate this clear and easy demo.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    You're very welcome!

  • @vijayvavilapalli1002
    @vijayvavilapalli10022 жыл бұрын

    Thankyou this is really helpful to me...

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Youre very welcome Vijay!

  • @VishalRaoOnYouTube
    @VishalRaoOnYouTube3 жыл бұрын

    Oh YEAH! Gonna watch this tonight! Thanks man!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hope you like it!

  • @VishalRaoOnYouTube

    @VishalRaoOnYouTube

    3 жыл бұрын

    @@BeABetterDev It was awesome. Thanks again! I also appreciate linking to the source code Gist.

  • @j2s.768
    @j2s.768 Жыл бұрын

    This is very helpful.

  • @BeABetterDev

    @BeABetterDev

    Жыл бұрын

    Thank you!

  • @tamiltoken
    @tamiltoken2 жыл бұрын

    Perfect explanation special thanks from Tamil Crypto

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    You're very welcome!

  • @satya4866
    @satya48663 жыл бұрын

    Awesome dude. Thank you

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    You're very welcome satya!

  • @MohammedNoureldin
    @MohammedNoureldin3 жыл бұрын

    Very good video! Thanks a lot!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thanks Mohammed! Glad you enjoyed.

  • @wholeofmine
    @wholeofmine3 жыл бұрын

    Super Explanation !!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thanks Prasad!

  • @gingacode
    @gingacode Жыл бұрын

    Thank you. Awesome video.

  • @kunalsaha9526
    @kunalsaha95262 жыл бұрын

    Appreciate your knowledge !

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Glad you enjoyed Kunal!

  • @kanishksoni4579
    @kanishksoni4579 Жыл бұрын

    beautifully explained

  • @HimanshuKumar-xz5tk
    @HimanshuKumar-xz5tk3 жыл бұрын

    This is some good work. Thanks.

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thanks Himanshu! Glad you enjoyed.

  • @vijayvavilapalli1002
    @vijayvavilapalli10022 жыл бұрын

    We expect more videos from you.. like this thankyou

  • @michaelriecken5482
    @michaelriecken5482 Жыл бұрын

    Thanks

  • @BeABetterDev

    @BeABetterDev

    Жыл бұрын

    Thank you so much!

  • @steveb7600
    @steveb76002 жыл бұрын

    It seems to serve the same purpose as creating an API key but has more developed options.

  • @ErikaGiselleGutierrez
    @ErikaGiselleGutierrez Жыл бұрын

    Great tutorial!!!! Thank you

  • @SteelTrapSoftware
    @SteelTrapSoftware2 жыл бұрын

    Very useful, thank you!

  • @buildingtechies
    @buildingtechies Жыл бұрын

    You are a day saver.

  • @krishind99
    @krishind993 жыл бұрын

    This is fantastic. Would love to see, how and where authorization token is generated. Do you have a video on that?

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Krishnan, I have another video coming out soon on securing your API using Cognito which uses user tokens. Stay tuned!

  • @Harry-jj6qw
    @Harry-jj6qw3 жыл бұрын

    great stuff, thank you!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    My pleasure!

  • @martinmillar1536
    @martinmillar15362 жыл бұрын

    I do this authorization in my lambda functions. I read the API key from body/header, check it's OK, and if it is I run the rest of the code. Is there any reason why I shouldn't be doing this? Any cost or anything else reasons? The only thing I can think of is that you have a single 'authorization function', but I don't know if I'm missing anything else. Thank you. And great videos BTW. Helped me a lot getting a project using Lambda and Dynamo up and running properly.

  • @axelleuenberger2792
    @axelleuenberger27923 жыл бұрын

    I dont get, the test within AWS is working, but the test with postman is always wrong. I dont have the "explicit deny", everytime the "User is not authorized to access this resource" Anyone with the same issue?

  • 3 жыл бұрын

    I set the ARN like this and worked , note the last backslash: arn:aws:execute-api:us-west-2:YYYYYYYYYY:XXXXXXXX/test/GET/customers/

  • @chaitanyareddy7597

    @chaitanyareddy7597

    3 жыл бұрын

    @ yes thanks ! "Resource": "arn:aws:execute-api:{regionId}:{accountId}:{apiId}/{stage}/{httpVerb}/[{resource}/[{child-resources}]]" as per doc.

  • @vsingh-26
    @vsingh-26 Жыл бұрын

    Great, to the point video, exactly what I wanted. Thank you. Does anyone know if a request header can be updated in the custom authorizer before the sending the request to the service fronted by the API gateway?

  • @ClicksoftheWild
    @ClicksoftheWild Жыл бұрын

    Thank you

  • @alexandremunhoes3421
    @alexandremunhoes34213 жыл бұрын

    Great video!!!!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Thanks Alexandre!

  • @manthanrathod1046
    @manthanrathod10468 ай бұрын

    Can we use this Authorizer (lambda function that authorises the token) for multiple lambda functions (lambda function that returns the actual response)?

  • @josepoktopus8924
    @josepoktopus8924 Жыл бұрын

    For cors problem: 1. Api gw, enable cors 2. allow headers

  • @pedrobb7
    @pedrobb73 жыл бұрын

    Super helpful, thanks.

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    You're very welcome Pedro!

  • @Hackenbaker
    @Hackenbaker2 жыл бұрын

    Awesome!!! TRhanks a lot.

  • @mjerez6029
    @mjerez6029 Жыл бұрын

    what is the advantage of this vs handling the authorization in the original lambda handler with your business logic?

  • @BeABetterDev

    @BeABetterDev

    Жыл бұрын

    Doing it in your Lambda function means you're mixing your function's implementation with authorization concerns. Ideally we want to separate our concerns and use the SRP (single reponsibility principle).

  • @mdasifkhan6520
    @mdasifkhan6520 Жыл бұрын

    thanks man

  • @kowshikjayakumar8405
    @kowshikjayakumar84053 жыл бұрын

    How can we contruct authResponse , Is there ant predefined json there we can use ?

  • @tuannguyenanh838
    @tuannguyenanh8382 жыл бұрын

    thank you!

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    You're very welcome!

  • @JustThink2000
    @JustThink20005 ай бұрын

    Could I use this same methodology if my authorized resource is a Python flask api? Basically, I want to use this method to authorize access to my Python api

  • @mendonrohan
    @mendonrohan7 ай бұрын

    good video

  • @BeABetterDev

    @BeABetterDev

    7 ай бұрын

    Thanks!

  • @shafeevkd
    @shafeevkd6 ай бұрын

    Thanks for the video. I have a doubt about what the difference is if I'm writing the logic to authorize the Api in connect Lambda itself instead of a custom lambda authorizer.

  • @prakashKumar-zj8nw

    @prakashKumar-zj8nw

    5 ай бұрын

    Suppose you have 100 different lambdas . Then you will have to write the same code 100 times . Using this you just need to attach this lambda to every lambda .

  • @ykuldeep
    @ykuldeep Жыл бұрын

    Can we configure customerId and authToken both to AuthLambda?

  • @alxx736
    @alxx7363 жыл бұрын

    Hi ! Always great . I still dont understand how you authenticate the user ,how the user got the autherization token.

  • @vladbunin8994
    @vladbunin89944 ай бұрын

    What if i need to return token expired 401 error?

  • @numpyasnum1768
    @numpyasnum17682 жыл бұрын

    We're gonna pass in authorizationToken from the user's perspective. Where?! In the header?, the body?, the query params?

  • @yogeshdubey2031
    @yogeshdubey2031 Жыл бұрын

    Hey i have doubt we are having two functions one for authorization and another for the actual request cant we end making use of one function only in which first we'll perform authorization and then perform the rest of the task.

  • @santhoshkumar2297
    @santhoshkumar22972 жыл бұрын

    Hi , Make video using azure ad group for api auth restrictions using lambda authorizer.

  • @touhidulislam5286
    @touhidulislam5286 Жыл бұрын

    Is putting account ID into the policyDocument good practice? Is there any other way to do that?

  • @CarlosMito
    @CarlosMito2 жыл бұрын

    Awesome! Thanks I have doubt, can i return a different response if is it Unauthorized ? A custom object ? And I have troubles to get that message "Unauthorized" from Angular, always return status 0, from postman all Ok

  • @vishaldindalkop2952
    @vishaldindalkop29522 жыл бұрын

    How can I attach the custom response to the authorizer? On Deny i wanna response with custom message.

  • @abdoualgerian5396
    @abdoualgerian53963 жыл бұрын

    Hi man , hope you're doing well , your youtube channel is teaching gold and i need to spend a lot of time in here but i dunno where to start knowing that i'm new to aws , could you or anyone of your fans help me please ? i appreciate your help

  • @amilasilva7
    @amilasilva73 жыл бұрын

    Keep this up brohhh

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Will do! Thanks Amila.

  • @anuradharamesh3377
    @anuradharamesh33773 жыл бұрын

    Thank you this is incredible. Quick question, how does the end user of the API provide the authorizationToken? After I deploy the API and I need to share it with my end users, what step is needed for them to invoke this API and enter the token? Can you please clarify? Thank you!

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Anuradha, Great question. So this method (using a Lambda authorizer) assumes you are using you are validating your users login and password through a separate API and generating a token that is stored in a database somewhere. When calling the API in this video, the token would be provided as an input and validated by the Lambda authorizer by inspecting the token to ensure it is in the database. This is just one way of doing it but hopefully it gives you an idea of how it could be done. If you are looking for an easier way to manage user credentials and tokens, check out my other video where I did the same thing with API gateway, but used a Amazon Cognito user pool authorizer. Link here: kzread.info/dash/bejne/oXqHt5irmKmrhM4.html Hope this helps, Daniel

  • @anuradharamesh3377

    @anuradharamesh3377

    3 жыл бұрын

    @@BeABetterDev Thank you Daniel

  • @rsbl
    @rsbl3 жыл бұрын

    Thanks for this! Exactly what I am looking to implement next! What's the program you're using for the architecture diagram??

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Rosbel! You're very welcome. The software I am using is called www.draw.io !

  • @MS-ew2ru
    @MS-ew2ru Жыл бұрын

    thanks for the great tutorial, really helpful! one thing I still can't get, how can we pass actual tokens to this lambda authorizer (as in instead of"abc123" in this example)?

  • @mikeyinger4204
    @mikeyinger42042 жыл бұрын

    Thanks for a helpful tutorial. Why name the GET lambda function DemoHandler? Doesn't this function return 'customer' data? Why not name it CustomerHandler?

  • @chaitanya7903
    @chaitanya79033 жыл бұрын

    thank you

  • @8989superduper
    @8989superduper Жыл бұрын

    Have a question. Is it safe to use payload info in my access token from my backend lambda handler without decoding the token with public key as far as its been verified in lambda authorizer??

  • @soumyabratamukherjee3613
    @soumyabratamukherjee3613 Жыл бұрын

    I have created the rest API as per your suggestion. But the only difference is that is a private API as I cannot create a regional API. This is creating issue while trying to call authorizer lambda as it is mandatory to give resource policy to the API. Could you please suggest how to do the authorization for a private rest API?

  • @jasonpanugaling
    @jasonpanugaling3 жыл бұрын

    can you do a nodejs version for this please?

  • @madhumsr2814
    @madhumsr28143 жыл бұрын

    Hi how can we find policy document which was in authResponse?

  • @syedjunedali9330
    @syedjunedali93302 жыл бұрын

    I followed each step but still when I am sending request in podman it is not printing hello world output.

  • @nitinjanagam
    @nitinjanagam3 жыл бұрын

    Could you please do a video on using a Cognito Authorizer for securing API Gateway?

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Nitsy, this is coming soon. Thanks for the suggestion!

  • @rohangarad6514
    @rohangarad65143 жыл бұрын

    hello , i don't know much about it, can u please how can resolve 403 Forbidden error showing in my postman response. or do i need to change any other setting ?

  • @thesarcos
    @thesarcos8 ай бұрын

    something I didn't see in this vide was it is necessary to give to the lambda AUTHORIZER permission to invoke your DEMO lambda to do this go to the API section where you see: - resources -Stages -Authorizers -Gateway Responses -Models -Resource Policy -->>> here ADD the json below -Documentation -Dashboard -Settings { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke", "Resource": "*" } ] } in Resource you can add the arn of your DEMO lambda

  • @thesarcos

    @thesarcos

    8 ай бұрын

    other thing ... keep an eye over "Resource":["arn:aws:execute-api:us-east-1:accoint_id:api-id/test/GET/method"] this "Resource":["arn:aws:execute-api:us-east-1:accoint_id:api-id/*/*"] didn't work for me

  • @asafshay7231
    @asafshay72312 жыл бұрын

    can I create authorizer in sam local api gateway ?

  • @guybraunstain4639
    @guybraunstain46392 жыл бұрын

    Nice, is it possible to use AWS_IAM authorizer with the lambda authorizer too?

  • @huscachafe
    @huscachafe Жыл бұрын

    Great 🎉

  • @saidurgakameshkota1246
    @saidurgakameshkota12463 жыл бұрын

    If we have api key as authorisation why we need lambda

  • @darianarguello1991
    @darianarguello19912 жыл бұрын

    Hi, thanks for the video! Configure exactly the same as mentioned but with the difference that my API is not in a lambda. I redirect http traffic to my server. When I post to my API I get the following error: "Message": "User is not authorized to access this resource" Do you know what that could be? Thanks!

  • @tonante27
    @tonante272 жыл бұрын

    How does your Lambda Authorizer detect if an IAM user has been Disabled. We have a two client servers. The first one uses a payload of just the base64 token of the username : password while the other server uses the username and password (password is masked). When I have an active test user, they are allowed to access the API gateway. However when that same user is Disabled (password is null) in IAM, that user should not be allowed to access the gateway. I don't want to program a credentials report csv file using boto3 that's encoded to base64. This would expose too much account user info - very risky. Is there another way for the Lambda function to determine when an IAM user has been deactivated? Thanks

  • @ispepsi2023
    @ispepsi20236 ай бұрын

    I couldn't replicate the postman attempt, no matter what, it just says I'm unauthorized. I'll watch the video once more, I may have missed something

  • @asafshay7231
    @asafshay72312 жыл бұрын

    is it possible for anonymous user ?

  • @damiengeranton7375
    @damiengeranton73752 жыл бұрын

    Hello, Thanks for your videos that are very clear. I am new in AWS but it seems that the console has changed and I do not see the same thinks that you present. Your version seems much better. Do you think how I could use the same console version as yours ? For example in my version I do not find any test capability. I do not have resource menu ...

  • @damiengeranton7375

    @damiengeranton7375

    2 жыл бұрын

    I answer my own question;-) It could help someone else. I finally found the reason, I created an HTTP API and not a REST API. It leads to have a different UI.

  • @BeABetterDev

    @BeABetterDev

    2 жыл бұрын

    Hi Damien. You beat me to it. It looks like the AWS team is slowly migrating users to HTTP APIs, but the concepts demonstrated in this video should remain the same. Daniel

  • @tikboyjan
    @tikboyjan2 жыл бұрын

    I’m getting CORS error

  • @TheDhanuroutu
    @TheDhanuroutu3 жыл бұрын

    Can we do with Cognito Authorizer and access to some particular API gateway resource?

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Dhanu, Yes! You should check out Cognito Identity Pools which accomplish exactly this!

  • @TheDhanuroutu

    @TheDhanuroutu

    3 жыл бұрын

    @@BeABetterDev I tried with the cognito identity, but couldn't achieve that. Can you do a video on congito identity to achive the IAM roles to access API gateway.

  • @HimanshuKumar-xz5tk
    @HimanshuKumar-xz5tk3 жыл бұрын

    When I test it in console, it's working fine but in postman it's returning 400 bad request. Please help.

  • @BeABetterDev

    @BeABetterDev

    3 жыл бұрын

    Hi Himanshu, Are you remember to put the /resourceName when making the request? Also make sure you are using the correct type (GET or POST)

  • @HimanshuKumar-xz5tk

    @HimanshuKumar-xz5tk

    3 жыл бұрын

    @@BeABetterDev Yes. Although I am using jwt based authorization. I am able to get correct policy in my aws console so I could not find any reason why it's not working with postman or my front-end. My fetch request looks like this:- return await fetch(GET_CUSTOMERS_URI, { method: 'GET', // *GET, POST, PUT, DELETE, etc. mode: 'cors', // no-cors, *cors, same-origin cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached credentials: 'same-origin', headers: { 'authorizationToken': 'Bearer ' + token, 'Content-Type': 'application/json', }, redirect: 'follow', // manual, *follow, error referrerPolicy: 'no-referrer', }) It's working fine when I change authorization to none in /customer resource and I get data. But with authorization, it's giving 400 bad request error.

Келесі