This document explains how to integrate AWS Cognito with your REST APIs using AWS API Gateway through CDK, so that you can enforce access control on your REST API based on Cognito tokens. More info about Cognito as API Gateway Authorizer here.
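1. Create a REST API service:
    // Imports used by the steps below (CDK 1.x module names)
    import { AuthorizationType, CfnAuthorizer, LambdaIntegration, RestApi } from '@aws-cdk/aws-apigateway';
    import { CfnResource } from '@aws-cdk/core';
    const api = new RestApi(this, 'rest-api', {
      ...
    });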
2. Create the authorizer:
    const authorizer = new CfnAuthorizer(this, 'rest-api-cognito-authorizer', {
      restApiId: api.restApiId,
      type: 'COGNITO_USER_POOLS',
      name: 'cognitoauthorizer',
      providerArns: [userPoolArn], // ARN of the Cognito user pool (userPool.userPoolArn on a CDK UserPool)
      identitySource: 'method.request.header.Authorization', // the token is read from the Authorization request header
    });
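3. Attach the authorizer (as of CDK 1.51.0 there is not yet a non-hackish way to handle this):
    // getResource() returns undefined if 'myResource' has not been added to the API, hence the non-null assertion
    const method = api.root.getResource('myResource')!.addMethod('GET', new LambdaIntegration(...));
    // The underlying CloudFormation method resource is the 'Resource' child of the Method construct
    const resource = method.node.findChild('Resource');
    // Both overrides are needed: the authorization type and a reference to the authorizer
    (resource as CfnResource).addPropertyOverride('AuthorizationType', AuthorizationType.COGNITO);
    (resource as CfnResource).addPropertyOverride('AuthorizerId', { Ref: authorizer.logicalId });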
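Because the overrides in step 3 are applied method by method, a method that misses them keeps the API's default authorization (open access unless configured otherwise). The check below is an added example, not part of the original article: it scans a synthesized CloudFormation template for API Gateway methods that are not bound to a Cognito authorizer. The function name findUnprotectedMethods and the sample template are constructed for illustration, and skipping OPTIONS methods is an assumption.

```typescript
// Added example: audit the template JSON that `cdk synth` emits.
// Resource types and property names are CloudFormation's; the sample data is constructed.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Return the logical IDs of API Gateway methods not bound to a Cognito authorizer.
function findUnprotectedMethods(template: Template): string[] {
  const entries = Object.entries(template.Resources);
  // Logical IDs of every COGNITO_USER_POOLS authorizer defined in the template.
  const cognitoAuthorizers = new Set(
    entries
      .filter(([, r]) => r.Type === 'AWS::ApiGateway::Authorizer' &&
                         r.Properties?.Type === 'COGNITO_USER_POOLS')
      .map(([id]) => id),
  );
  return entries
    .filter(([, r]) => {
      if (r.Type !== 'AWS::ApiGateway::Method') return false;
      const props = r.Properties ?? {};
      // Assumption: CORS preflight (OPTIONS) carries no Authorization header, so skip it.
      if (props.HttpMethod === 'OPTIONS') return false;
      // Both overrides must be present: the type alone does not bind an authorizer.
      const ref = props.AuthorizerId?.Ref;
      const bound = typeof ref === 'string' && cognitoAuthorizers.has(ref);
      return props.AuthorizationType !== 'COGNITO_USER_POOLS' || !bound;
    })
    .map(([id]) => id);
}

// Constructed sample: one method with both overrides applied, one left at the default.
const sampleTemplate: Template = {
  Resources: {
    CognitoAuth: {
      Type: 'AWS::ApiGateway::Authorizer',
      Properties: { Type: 'COGNITO_USER_POOLS', IdentitySource: 'method.request.header.Authorization' },
    },
    GetMyResource: {
      Type: 'AWS::ApiGateway::Method',
      Properties: { HttpMethod: 'GET', AuthorizationType: 'COGNITO_USER_POOLS', AuthorizerId: { Ref: 'CognitoAuth' } },
    },
    PostMyResource: {
      Type: 'AWS::ApiGateway::Method',
      Properties: { HttpMethod: 'POST', AuthorizationType: 'NONE' },
    },
  },
};

console.log(findUnprotectedMethods(sampleTemplate)); // logical IDs that still need the overrides
```

Run it against the JSON template in cdk.out as a unit test or CI step, and fail the build when the returned list is not empty.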