AWS Custom Authorizer IAM身份验证 [英] AWS Custom Authorizer IAM Authentication

问题描述

我已经搜索了互联网，但没有找到解决方案，因此希望有人可以给我提示.

I've searched the internet but didn't find a solution so hopefully somebody can give me a hint.

我有一个配置了Facebook授权者的联合身份池.API网关当前使用IAM Auth来允许经过身份验证的用户访问.这样做很好，但是我需要进行一些数据库查询，以检查是否确实允许用户访问端点(检查组，数据库中的角色等).

I have a federated identity pool with a configured facebook authorizer. The API Gateway currently uses the IAM Auth to allow access for authenticated users. This is works fine, but I need to make a few db queries to check if the user is really allowed to access the endpoint (Check groups, roles in my db etc.).

现在我的想法是使用自定义授权器，因为我不想在其他lambda函数和服务中调用我的用户服务.这样会导致运行时间更长，因为原始的lambda函数必须等待auth检查lambda，并且API网关将是进行auth检查的正确位置.

Now my idea was to use a custom authorizer, because I don't want to call my user service in other lambda functions and services. That would result in a higher runtime because the original lambda function has to wait for the auth check lambdas and the API Gateway would be the right place for auth checking.

那么可以在自定义授权方中向IAM进行身份验证吗?我还没有找到办法.

So is it possible to authenticate with IAM in a custom authorizer? I have not found a way, yet.

如果还有另一种方法，那么让IAM允许对联合身份进行身份验证(我们将不仅使用facebook):)

If there is another way then IAM to allow auth of federated identities let me know (we will use not only facebook) :)

感谢任何提示

推荐答案

当前无法通过IAM进行身份验证，然后运行自定义授权程序功能.我们的待办事项列表上有这个.

It is not currently possible to authenticate with IAM and then run a custom authorizer function. We have this on our backlog.

对于您的用例，我认为您最好的选择就是将细粒度的授权委托给您的后端.

For your use case, I think your best option is just to delegate the fine-grained authorization to your backend.

这篇关于AWS Custom Authorizer IAM身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！