Custom authorizer with cognito user pool service

I have gone through several documents about cognito service, but still can’t get answer about how to manage cognito with custom authorizer.

I can create cognito user pool with above links. But I need know how to set custom authorizer handler (handler.js), do you have any samples for me?

  id: tfnXXX
  identitySource: method.request.header.Authorization
  identityValidationExpression: someRegex

another sample I have:

        name: authorizer
        arn: arn:aws:cognito-idp:us-east-1:123456789:userpool/us-east-1_XXXXXX
          - email

So how the cognito custom authorizer handler.js looks like?

1 Like


Seems the sample codes can be found in

1 Like

Did research on this for 2 weeks, I got big help from this repo, but I still have several questions.

I collect all of them with Cognito, will be appreciated if you give any words for help.

The codes in src/containers has login/signup modules to help end users to login with Cognito user pool accounts

After successfully login, src/Routes.js gives two options: /notes/new and /notes/:id which are mapped to two js files: src/containers/NewNote.js and src/containers/Note.js

These options are mapped to API Gateway event path (endpoint) with different methods:

  # apig path: https://<apigateway_url>/notes, method `POST`
  createNote(note) {
    return invokeApig({
      path: "/notes",
      method: "POST",
      body: note

  # apig path: https://<apigateway_url>/notes/{id}, method `GET`
  getNote() {
    return invokeApig({ path: `/notes/${}` });

  # apig path: https://<apigateway_url>/notes/{id}, method `DELETE`
  deleteNote() {
    return invokeApig({
      path: `/notes/${}`,
      method: "DELETE"

  # apig path: https://<apigateway_url>/notes/{id}, method `PUT`
  saveNote(note) {
    return invokeApig({
      path: `/notes/${}`,
      method: "PUT",
      body: note
  1. If I have 50 endpoints (/note is an endpoint for me). Do I have to write 50 * 2 js files to handles these endpoints?

  2. Are there any ways to accept endpoints as variables, so if the endpoint name is changed, I needn’t change the codes in Notes.js

  3. How to support {proxy+} in path, such as notes/{proxy+}?

  4. If I need control the permission that different groups to access different endpoint, how do you set the permission with Cognito groups to control it.

For example,

Group#1: endpoint1
userlist: tom, george.

Group#2: endpoint2
userlist: tom, john