使用Cognito将应用程序验证到AWS API Gateway [英] Authenticate app to AWS API Gateway with Cognito
问题描述
以下是我的用例-
我正在开发一个android应用。我正在尝试在其背面使用aws api网关和lambda函数。
,但即使在我登录之前,我也想保护HTTP调用并验证我的应用程序。为此,我计划将cognito与API网关配合使用。因此,我的呼叫将首先转到cognito,它将对应用程序(而非用户)进行身份验证,然后我的呼叫将转到任何Lamda函数。我想将所有这些都包含在api网关的SDK中。
I am developing an android app. I am trying to use aws api gateway and a lambda function at back of it. but even before i login i want to secure the HTTP calls and authenticate my application. For that i am planning to use cognito with the API Gateway. so first my call will go to cognito which will authenticate the application(not user) and then my call will go to any Lamda function. I want to include all of this in the SDK of api gateway.
问题1-甚至可以这样做吗(请参考一些文档或代码)
Ques 1 - Is it even possible to do this way ( please refer me to some documentation or code)
问题2-建议这样做。还是有更好的方法?
Ques 2 - Is it recommended. or is there a better way to do it ?
推荐答案
是的,这是可能的,我认为这是正确的方法。您可以使用Android SDK来调用Cognito并进行身份验证,在Cognito中,您可以配置为给返回的临时IAM帐户指定特定角色,该角色应仅具有调用API网关的权限。
然后,您的客户端可以使用这些临时IAM凭据使用生成的Android SDK调用API网关(您可以在部署API后从API Gateway控制台生成它)。
如果您需要跨域CORS支持,则必须将API网关中的API端点配置为由IAM保护,并确保在资源上创建OPTIONS方法。
Yes this is possible and I think it is the correct way to do it. You can use the use the Android SDK to make the call to Cognito and authenticate, in Cognito you can configure to give the temporary IAM account that is returned a specific role, this role should only have rights to call the API Gateway. Then your client can use these temporary IAM credentials to do calls to the API Gateway using the generated Android SDK (you can generate it from the API Gateway console after deploying your API). You have to configure your API endpoints in API Gateway to be secured by IAM and make sure to create OPTIONS methods on your resources if you need cross domain CORS support.
- 了解有关Cognito的信息: http://docs.aws.amazon .com / cognito / devguide /
- 了解有关API网关的信息:
http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
- Read about Cognito: http://docs.aws.amazon.com/cognito/devguide/
- Read about API Gateway: http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
这篇关于使用Cognito将应用程序验证到AWS API Gateway的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
