I’m an AWS noob and am trying to set up a cognito user pool as an authorizer for my api-gateway lambda.
As far as I can tell the docs talk about about setting up the pool as an event source and I have not found a way to configure api-gateway. I expected it to be something like the cors: true setting where I’d just say authorizer: myPool … but I can’t seem to find an example.
I’ve searched around but strangely have not found exactly what I need. I see the references to aws_iam, user groups, etc. but am not sure how to get to the user pool.
Does anyone know where in the docs I can find that or of a blog post or something explaining it?
Thanks in advance.
Little delayed in the response, hopefully you’ve figured this out since you posted, but I believe the answer you’re looking for can be found here. Scroll down to the part where it talks about the user pool.
@bobbiebarker I have successfully protected an endpoint in my service following the example in that link by using a Cognito user pool arn. And by successfully meaning that once I request, I get back the message “Unauthorized”.
From what I’ve read I need to include a token received from logging in with Cognito in the request as an Authorization header. But when I do it does not allow me to reach the endpoint. What am I missing here?
This is my serverless.yml:
And for the request I’m using Postman to include the Bearer token which results in a Authenitcation header like this:
Authentication: Bearer myTokenXXXXXXXXXXXXX
I’ve also tried removing the Bearer part from that header without any luck.
Just fixed it! Turned out I was using the accessToken from the response of cognitoUser#authenticateUser where I should use the idToken
Hello @yn5… I am trying create user in Cognito User Pool using serverless… I was able to handle user authentication using this article https://www.serverless.com/blog/serverless-auth-with-aws-http-apis but I was not able to create user using an API Gateway / Lambda endpoint.
Do you have any reference how I should create a lambda function to be able to create a new users instead of using Host UI interface?
Thanks in advanced.