Secure your AWS API Gateway with Lambda Authorizer

Thiwanka Wickramage
7 min read · May 7, 2023

In this article we are going to talk about how to secure your API Gateway with a Lambda authorizer, step by step. You will learn how to control access to your API, what the generated policy document is, and how to manage authentication and authorization.

What is a Lambda authorizer?

A Lambda authorizer (formerly known as a custom authorizer) is a feature of AWS API Gateway that controls access to an API. It lets us authenticate and authorize incoming requests to an API method before that method is executed.

Let’s look at an example: a simple API method that returns a list of users. Anyone can call this method and read the list of users without any permission. This is a security problem because we are exposing sensitive information to unauthorized users.

To fix this security issue, we need to ensure that only authorized users can call the API method and retrieve the sensitive user information.

For instance, we can authenticate users based on their access tokens. If the user is authorized, the Lambda authorizer returns an IAM policy that grants the permission required to execute the API method. If the user is not authorized, the Lambda authorizer returns an error.
