ActoKids / AD440_W19_CloudPracticum


IAM #5

Closed Enshaedn closed 5 years ago

Enshaedn commented 5 years ago

@ActoKids/api

zach-daniels commented 5 years ago

Task: Research IAM implementation for protecting the API from unauthorized requests and apply it to Jon's ping API

Estimated time: 4-6 hours
Time spent thus far: 2 hours

Week 1 Progress: No code currently written. I read through some IAM documentation on AWS to get a general understanding of its features. I also watched some Youtube videos explaining API requests as a refresher.

https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html

https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-iam-policy-examples.html

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

The API needs to check for a header; if a token is in the header, verify it's valid. Can API Gateway do this? Cognito?

zach-daniels commented 5 years ago

Original estimated time: 4-6 hours
Total time spent: 5 hours

I created a user group with a single user for testing purposes. I then set up a COGNITO_USER_POOLS authorizer for our test API. Our token source uses the Authorization header and takes in a Cognito user's identity token. The API endpoint will return unauthorized access unless a valid identity token is in the header of the GET request.

Wiki link: https://github.com/ActoKids/api/wiki/Adding-Authorization-to-the-API-Gateway-using-Amazon-Cognito

API Endpoint: https://flt5sd48q6.execute-api.us-west-2.amazonaws.com/test/testCognitoAuthorization

Authorized token: eyJraWQiOiJjNnAxNkxpVldUOWpIem9uNVhIb0Zja2QwK3VVTDR4ZlVpVWZpNXFYUnRJPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJiMWJkYmNmMi00NjI2LTRhYmItYmU5MS1hYWIzZTNkNmJhZWQiLCJhdWQiOiI1aXJhZ285dTdqbWM5NWhsMWg5ZmJhbWZyZyIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJldmVudF9pZCI6IjJmZjE1Mjg0LTFmODAtMTFlOS1iZmFmLTBmNTljZDliMWViZiIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNTQ4Mjk3MTAzLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtd2VzdC0yLmFtYXpvbmF3cy5jb21cL3VzLXdlc3QtMl96eWFrTGhpQ1AiLCJjb2duaXRvOnVzZXJuYW1lIjoiYjFiZGJjZjItNDYyNi00YWJiLWJlOTEtYWFiM2UzZDZiYWVkIiwiZXhwIjoxNTQ4MzAwNzAzLCJpYXQiOjE1NDgyOTcxMDMsImVtYWlsIjoiZG91Z21jZmF3bkBnbWFpbC5jb20ifQ.W-YiauoT20w0tvk8OR9rkLm7P89Zxtlfr6F5HBqUIlygE7I4pG4NHARclB8skei89Qkg_uXe6tELRIkJsWg27iFPKJqsbuqiAUDQ2BAoChklVnLTlBM1FHFP95IceHbn4jb3AJ3ZNVogMCvLSXUCE1xwcOUv498wPqkjxAOF8jbUxvOt0A3mlpN-LD2talG7-KFqBCG6fNc43FFCqKNzYP7ebPX9BfIKnThwGPP1JJOkI3H7jze1M8YZWI7k3PtfzKiLCMdWZiAZJS9TzJxya9PcDLOLDSpOOd93K34X9gRkbrQ8ccJ2HO5YYwhCSonMg1_fpswzEyCw870EZTwuig
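The comment above describes what the COGNITO_USER_POOLS authorizer does with the identity token it reads from the Authorization header. The script below is an added example, not code from the ActoKids project, showing the claim checks an authorizer applies to a Cognito ID token (issuer, audience, `token_use`, expiry, and a rejection of the `alg: none` trick) using only the Python standard library. The user pool issuer and app client id are constructed placeholders, and the sample token is built in the script itself. Signature verification against the pool's JWKS (`https://cognito-idp.<region>.amazonaws.com/<pool-id>/.well-known/jwks.json`) is a separate, mandatory step that API Gateway performs for you; it is modelled here as a `signature_ok` callback that defaults to rejecting, so the claim logic can run offline without ever treating an unsigned token as valid.

```python
"""Added example: claim checks for a Cognito ID token presented in the
Authorization header (not the ActoKids project's own code)."""
import base64
import json
import time

# Constructed placeholders; the real pool id and app client id are not on the issue page.
USER_POOL_ISS = "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_EXAMPLE"
APP_CLIENT_ID = "example-app-client-id"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_test_token(claims: dict, alg: str = "RS256") -> str:
    """Build a constructed JWT with a placeholder signature for offline testing.

    The signature segment is NOT a real RS256 signature; check_id_token only
    accepts the token if the caller's signature_ok callback vouches for it.
    """
    header = {"kid": "test-key", "alg": alg}
    return (
        _b64url_encode(json.dumps(header).encode())
        + "."
        + _b64url_encode(json.dumps(claims).encode())
        + ".c2lnbmF0dXJl"  # base64url("signature"), a placeholder
    )


def check_id_token(auth_header, now=None, signature_ok=lambda token: False):
    """Return (True, claims) for an acceptable ID token, else (False, reason).

    Mirrors the checks a Cognito user-pool authorizer performs: the header
    carries the bare ID token (a 'Bearer ' prefix is tolerated), the JWT must
    be RS256-signed by the pool, issued by our pool, for our app client,
    be an id token (not an access token), and not be expired.
    """
    now = time.time() if now is None else now
    if not auth_header:
        return False, "missing Authorization header"
    token = auth_header[len("Bearer "):] if auth_header.startswith("Bearer ") else auth_header
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "undecodable token"
    # Reject anything that is not the algorithm Cognito signs with; this
    # closes the classic 'alg: none' bypass before the signature is consulted.
    if header.get("alg") != "RS256":
        return False, "unexpected alg"
    if not signature_ok(token):
        return False, "signature not verified against the pool JWKS"
    if claims.get("iss") != USER_POOL_ISS:
        return False, "wrong issuer"
    if claims.get("aud") != APP_CLIENT_ID:
        return False, "wrong audience (app client)"
    if claims.get("token_use") != "id":
        return False, "not an id token"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired"
    return True, claims


if __name__ == "__main__":
    sample = make_test_token({
        "sub": "00000000-0000-4000-8000-000000000000",  # constructed
        "aud": APP_CLIENT_ID, "iss": USER_POOL_ISS, "token_use": "id",
        "iat": 1548297103, "exp": 1548300703,
    })
    print(check_id_token(sample, now=1548297200, signature_ok=lambda t: True))
    print(check_id_token(sample, now=1548297200))  # default: signature unverified
```

In production the `signature_ok` callback would look up the `kid` from the token header in the pool's JWKS and verify the RS256 signature with a JOSE library; the point of the default-reject callback is that a token whose signature has not been checked never passes, whatever its claims say.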