问题
I want to create an api for my app that is only accessible by my app. I have added the AWS Cognito identity to my appDelegate like so:
AWSCognitoCredentialsProvider *credentialsProvider = [[DeveloperAuthenticationProvider alloc] initWithRegionType:AWSRegionUSEast1 identityPoolId:@"poolId"];
AWSServiceConfiguration *configuration = [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1 credentialsProvider:credentialsProvider];
AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = configuration;
__block NSString *cognitoId = nil;
// Retrieve your Amazon Cognito ID
[[credentialsProvider getIdentityId] continueWithBlock:^id(AWSTask *task)
{
if (task.error)
{
NSLog(@"Error: %@", task.error);
}
else
{
// the task result will contain the identity id
cognitoId = task.result;
}
return nil;
}];
How do I use this gonitoId that gets returned to make sure that this is the only app with the id that can access my api? Do I need to save this id and use it when accessing the api?
Thanks.
回答1:
Securing the API with 'AWS_IAM' authorization will require that requests are signed with credentials in the same AWS account. Past that, if you are in control of the account then you should be able to ensure that only the Cognito roles have access by setting a fine-grained policy with the API Gateway actions and resources.
http://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html#api-gateway-calling-api-permissions
The app should be receiving Cognito credentials when authenticated so you'll use in the API Gateway SDK. The generated SDKs are available in iOS Android and JavaScript.
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-generate-sdk.html
来源:https://stackoverflow.com/questions/38890643/creating-a-private-amazon-api-gateway