问题
I've searched the internet but didn't find a solution so hopefully somebody can give me a hint.
I have a federated identity pool with a configured facebook authorizer. The API Gateway currently uses the IAM Auth to allow access for authenticated users. This is works fine, but I need to make a few db queries to check if the user is really allowed to access the endpoint (Check groups, roles in my db etc.).
Now my idea was to use a custom authorizer, because I don't want to call my user service in other lambda functions and services. That would result in a higher runtime because the original lambda function has to wait for the auth check lambdas and the API Gateway would be the right place for auth checking.
So is it possible to authenticate with IAM in a custom authorizer? I have not found a way, yet.
If there is another way then IAM to allow auth of federated identities let me know (we will use not only facebook) :)
Thanks for any hint
回答1:
It is not currently possible to authenticate with IAM and then run a custom authorizer function. We have this on our backlog.
For your use case, I think your best option is just to delegate the fine-grained authorization to your backend.
来源:https://stackoverflow.com/questions/44667556/aws-custom-authorizer-iam-authentication