How can I allow users to use an API key to access my aws_iam-protected AWS API Gateway REST endpoint?

Hi fellow serverless users,

I created a Lambda-backed REST API on API Gateway using the Serverless Framework.

In order to protect my API endpoint, I enabled the aws_iam authorizer to allow only signed-in users to access the endpoints.

I would also like to provide an alternative authorization solution with an API Gateway usage plan and API key, so that users could use the API key I provide to access my endpoints programmatically.

However, it seems users can't access my endpoints with an API key when the aws_iam authorizer is enabled; the HTTP request comes back with "message": "Missing Authentication Token".

Is there any way I can make this work? Or do I have to define two separate functions, each with a different authorization solution?

Here's how my REST API is defined in the Serverless YAML. Thank you in advance.

functions:
  http:
    handler: src/index.api
    timeout: 30
    events:
      - http:
          path: /{proxy+}
          method: any
          cors: true
          private: true
          authorizer: aws_iam

As far as I know, in order to have dual authentication approaches you’ll need to create a Custom Authorizer Lambda. Learn more here

I had a similar issue to you and I wrote a Custom Authorizer Lambda function which can authenticate users who submit either an api-key or a JWT token.

1 Like
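A sketch of the dual-credential Custom Authorizer described in the replies above, added here as an example and not taken from either poster's code: a REQUEST-type Lambda authorizer that accepts either an `x-api-key` header or an HS256 bearer JWT and returns an IAM policy. The key table, the shared secret, the choice of HS256 and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed demo values (assumptions); load real ones from a secret store.
const API_KEYS = new Map([['demo-key-0001', 'partner-a']]); // api key -> principal
const JWT_SECRET = 'demo-hs256-secret';
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Compare via fixed-length digests so timingSafeEqual never sees unequal lengths.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash('sha256').update(s).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Verify an HS256 JWT; returns its claims, or null on any failure.
function verifyJwt(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'HS256') return null; // pin the algorithm; rejects "none"
    const mac = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
    if (!safeEqual(b64url(mac), parts[2])) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    return typeof claims.exp === 'number' && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// Build the IAM policy document API Gateway expects back from an authorizer.
function policy(principalId, effect, resource, extra = {}) {
  const statement = { Action: 'execute-api:Invoke', Effect: effect, Resource: resource };
  return { principalId, policyDocument: { Version: '2012-10-17', Statement: [statement] }, ...extra };
}

function authorize(event) {
  const headers = {};
  for (const [k, v] of Object.entries(event.headers || {})) headers[k.toLowerCase()] = String(v);
  const key = headers['x-api-key'] || '';
  for (const [known, who] of API_KEYS) {
    // usageIdentifierKey ties the call to a usage plan when apiKeySource is AUTHORIZER.
    if (safeEqual(key, known)) return policy(who, 'Allow', event.methodArn, { usageIdentifierKey: known });
  }
  const bearer = /^Bearer (.+)$/.exec(headers['authorization'] || '');
  const claims = bearer && verifyJwt(bearer[1], JWT_SECRET);
  if (claims && claims.sub) return policy(String(claims.sub), 'Allow', event.methodArn);
  return policy('anonymous', 'Deny', event.methodArn);
}
exports.handler = async (event) => authorize(event);
```

If authorizer result caching is enabled, a policy scoped to a single `methodArn` is reused for other paths under `/{proxy+}`, so either widen the `Resource` deliberately or disable caching.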