AWS IAM Nirvana: AWS API Gateway hooks with AWS Lambda and IAM

What I liked:

  1. Complete walk-through of the AWS Cognito flow: authorise against DynamoDB, ask Cognito for a token and identity ID, then ask Cognito for AWS credentials derived from an AWS role, which last an hour.
  2. Independent IAM check run by AWS: the app acts without running any authorisation logic itself. The authorisation logic is embedded in the AWS policy on each resource the app tries to reach and cross-checked against the AWS role the session obtained via Cognito.
  3. Strong anti-data-theft mechanism: the access policy allows access to an item only if the item's user ID attribute matches the current Cognito identity ID, so user A cannot dump the details of user B.
  4. AWS API Gateway can automatically generate a client SDK for your API in many programming languages.
  5. You can hide the fact that your SDK uses AWS credentials.
  6. Integration with Swagger.io as the source repository for the API spec.

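The flow in points 1 to 3, as an added example that is not from the original post or the talk it summarises: the policy attached to the Cognito authenticated role, and the two-step developer-authenticated exchange that turns a user the backend has already authenticated into hour-long AWS credentials. The identity pool ID, developer provider name, table name and the fake Cognito/DynamoDB clients are placeholders and constructed stand-ins so the block runs offline; with real boto3 clients the same functions call AWS.

```python
"""Added example (not from the original post): Cognito developer-authenticated
identity flow plus the per-user DynamoDB policy that makes the app itself
authorisation-free. Pool, provider and table names are placeholders."""

# ---- 1. The policy on the authenticated role (attached in IAM, not in the app) ----

def authenticated_role_policy(table_arn: str) -> dict:
    """The dynamodb:LeadingKeys condition compares the partition key of every
    item touched against the caller's Cognito identity ID (the 'sub' of the
    temporary credentials). IAM, not app code, rejects access to other users' rows."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem",
                       "dynamodb:DeleteItem", "dynamodb:Query"],
            "Resource": [table_arn],
            "Condition": {
                "ForAllValues:StringEquals": {
                    "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
                }
            },
        }],
    }

# ---- 2. Backend: after checking the user's password against its own store ----

def exchange_for_aws_credentials(cognito, identity_pool_id, developer_provider, user_id):
    """Step A: ask Cognito for an identity ID and an OpenID token for this user.
    Step B: trade the token for temporary AWS credentials bound to the pool's
    authenticated role (these are the hour-long credentials the post describes).
    `cognito` is a boto3 'cognito-identity' client or a compatible stand-in."""
    ident = cognito.get_open_id_token_for_developer_identity(
        IdentityPoolId=identity_pool_id,
        Logins={developer_provider: user_id},
    )
    identity_id, token = ident["IdentityId"], ident["Token"]
    creds = cognito.get_credentials_for_identity(
        IdentityId=identity_id,
        Logins={"cognito-identity.amazonaws.com": token},
    )["Credentials"]
    return identity_id, creds

def dynamodb_client_for(creds, region):
    """Build a DynamoDB client from the Cognito-issued credentials (note the key
    is 'SecretKey', not 'SecretAccessKey', in GetCredentialsForIdentity output)."""
    import boto3  # imported lazily so the module loads without boto3 installed
    return boto3.client("dynamodb", region_name=region,
                        aws_access_key_id=creds["AccessKeyId"],
                        aws_secret_access_key=creds["SecretKey"],
                        aws_session_token=creds["SessionToken"])

# ---- 3. App: the only query it can make is against its own partition ----

def query_own_items(dynamodb, table_name, identity_id):
    """Query keyed on the caller's identity ID. Substituting another user's ID
    here returns AccessDeniedException from DynamoDB, not data."""
    resp = dynamodb.query(TableName=table_name,
                          KeyConditionExpression="userId = :me",
                          ExpressionAttributeValues={":me": {"S": identity_id}})
    return resp.get("Items", [])

# ---- Constructed stand-ins so the flow can be exercised offline ----

class FakeCognito:
    """Records calls and returns constructed values shaped like the real responses."""
    def __init__(self):
        self.calls = []
    def get_open_id_token_for_developer_identity(self, **kw):
        self.calls.append(("openid", kw))
        return {"IdentityId": "us-east-1:11111111-2222-3333-4444-555555555555", "Token": "CONSTRUCTED-OIDC-TOKEN"}
    def get_credentials_for_identity(self, **kw):
        self.calls.append(("creds", kw))
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretKey": "constructed",
                                "SessionToken": "constructed-session", "Expiration": 0}}

class FakeDynamoDB:
    """Mimics the LeadingKeys check: only the partition equal to the caller's ID is readable."""
    def __init__(self, caller_identity_id, rows):
        self.caller, self.rows = caller_identity_id, rows
    def query(self, **kw):
        asked = kw["ExpressionAttributeValues"][":me"]["S"]
        if asked != self.caller:
            raise PermissionError("AccessDeniedException (dynamodb:LeadingKeys condition)")
        return {"Items": [r for r in self.rows if r["userId"]["S"] == asked]}

def demo():
    cognito = FakeCognito()
    identity_id, creds = exchange_for_aws_credentials(
        cognito, "us-east-1:POOL-ID-PLACEHOLDER", "login.example.dev", "alice")
    rows = [{"userId": {"S": identity_id}, "note": {"S": "mine"}},
            {"userId": {"S": "us-east-1:other-user"}, "note": {"S": "not mine"}}]
    ddb = FakeDynamoDB(identity_id, rows)
    mine = query_own_items(ddb, "Notes", identity_id)
    try:
        query_own_items(ddb, "Notes", "us-east-1:other-user")
        cross_user_blocked = False
    except PermissionError:
        cross_user_blocked = True
    return {"identity_id": identity_id, "creds": creds, "mine": mine,
            "cross_user_blocked": cross_user_blocked, "calls": cognito.calls}

if __name__ == "__main__":
    print(demo())
```

The split matters: only the backend ever calls `get_open_id_token_for_developer_identity` (it needs a developer-provider secret context), while the credentials it hands back are safe to give the client because the role policy, not the client, decides which rows are reachable.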