AWS API网关与Cognito [英] AWS API Gateway with Cognito
问题描述
以下是我的使用情况 -
Following is my use case -
我开发一个Android应用程序。我想使用AWS API网关,并在它后面的lambda函数。 但即使在我登录我要保护的HTTP调用和验证我的应用程序。对于我计划使用cognito与API网关。所以首先我的呼叫将转到cognito这将验证应用程序(而不是用户),然后我的电话会去任何的Lamda功能。我想包括在API网关的SDK这一切。
I am developing an android app. I am trying to use aws api gateway and a lambda function at back of it. but even before i login i want to secure the HTTP calls and authenticate my application. For that i am planning to use cognito with the API Gateway. so first my call will go to cognito which will authenticate the application(not user) and then my call will go to any Lamda function. I want to include all of this in the SDK of api gateway.
疑问句1 - 它甚至有可能做到这一点的方式(请参考我的一些文件或code)
Ques 1 - Is it even possible to do this way ( please refer me to some documentation or code)
疑问句2 - 它是建议。还是有更好的方法来做到这一点?
Ques 2 - Is it recommended. or is there a better way to do it ?
推荐答案
是的,这是可能的,我认为这是做了正确的方法。您可以使用采用了Android SDK,使呼叫Cognito和验证,在Cognito可以配置给时返回一个特定的角色临时IAM账户,这个角色只应有权调用API网关。 然后你的客户端可以使用这些临时IAM凭证,才能完成使用生成的Android SDK中调用API网关(可以部署API后,从API网关控制台生成它)。 你必须配置API网关的API端点由IAM固定,并确保如果需要跨域CORS支持你的资源,创建选项的方法。
Yes this is possible and I think it is the correct way to do it. You can use the use the Android SDK to make the call to Cognito and authenticate, in Cognito you can configure to give the temporary IAM account that is returned a specific role, this role should only have rights to call the API Gateway. Then your client can use these temporary IAM credentials to do calls to the API Gateway using the generated Android SDK (you can generate it from the API Gateway console after deploying your API). You have to configure your API endpoints in API Gateway to be secured by IAM and make sure to create OPTIONS methods on your resources if you need cross domain CORS support.
- 在阅读有关Cognito: http://docs.aws.amazon.com/cognito/devguide /
- 在阅读API网关: 的http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
- Read about Cognito: http://docs.aws.amazon.com/cognito/devguide/
- Read about API Gateway: http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
这篇关于AWS API网关与Cognito的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
