AWS API Gateway Tutorial, Part 4: Secure the API Using Custom Authorizers
In part 1, you configured Auth0 for use with API Gateway; in part 2, you configured an API using API Gateway; and in part 3, you created the custom authorizer that can be used to retrieve the appropriate policies when your API receives an access request. In this part of the tutorial, we will show you how to use the custom authorizer to secure your API's endpoints.
Log in to AWS and navigate to the API Gateway Console.
Open the PetStore API we created in part 2 of this tutorial. Under the Resource tree in the center pane, select the GET method under the
Select Method Request.
Under Settings, click the pencil icon to the right of Authorization and choose the jwt-rsa-custom-authorizer custom authorizer you created in part 3.
Click the check mark icon to save your choice of custom authorizer. Make sure the API Key Required field is set to
Deploy the API
To make your changes public, you'll need to deploy your API.
If successful, you'll be redirected to the Test Stage Editor. Copy down the Invoke URL provided in the blue ribbon at the top, since you'll need this to test your deployment.
Test Your Deployment
You can test your deployment by making a GET call to the Invoke URL you copied in the previous step.
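A single successful GET does not show that the authorizer is enforced, so the following added example (not part of the original tutorial) also checks that requests without a token or with a malformed token are rejected. It assumes the authorizer reads the token from an `Authorization: Bearer <token>` header; the `INVOKE_URL` and `ACCESS_TOKEN` environment variables and the function names are hypothetical, and the accepted status codes are assumptions you may need to adjust.

```python
import os
import sys
import urllib.error
import urllib.request


def http_get_status(url, headers):
    """Send a GET request and return the HTTP status code, including 4xx/5xx."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_authorizer(url, valid_token, send=http_get_status):
    """Return a list of failed checks; an empty list means the endpoint
    rejected unauthenticated calls and accepted the valid token."""
    cases = [
        # (description, request headers, acceptable status codes - assumed)
        ("no Authorization header", {}, {401}),
        ("malformed token", {"Authorization": "Bearer not-a-jwt"}, {401, 403}),
        ("valid token", {"Authorization": "Bearer " + valid_token}, {200}),
    ]
    failures = []
    for name, headers, allowed in cases:
        status = send(url, headers)
        if status not in allowed:
            failures.append(f"{name}: got {status}, expected one of {sorted(allowed)}")
    return failures


if __name__ == "__main__":
    # INVOKE_URL: the Invoke URL plus the path of the secured GET method.
    # ACCESS_TOKEN: an access token issued by Auth0 for this API.
    problems = check_authorizer(os.environ["INVOKE_URL"], os.environ["ACCESS_TOKEN"])
    for line in problems:
        print("FAIL", line)
    sys.exit(1 if problems else 0)
```

A "no Authorization header" failure with status 200 means the method is still deployed without the authorizer attached; redeploy the API and run the check again.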
In this tutorial, you have:
- Configured Auth0 for use with API Gateway
- Imported an API for use with API Gateway
- Created a custom authorizer to secure your API's endpoints, which required working with AWS IAM and Lambda
- Secured your API with your custom authorizer