Closed Enshaedn closed 5 years ago
Task: Research IAM implementation for protecting the API from unauthorized requests and apply it to Jon's ping API
Estimated time: 4-6 hours
Time spent thus far: 2 hours
Week 1 Progress: No code currently written. I read through some IAM documentation on AWS to get a general understanding of its features. I also watched some YouTube videos explaining API requests as a refresher.
https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-iam-policy-examples.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
The API needs to check for a header; if a token is in the header, verify it's valid. Can API Gateway do this? Cognito?
Original estimated time: 4-6 hours
Total time spent: 5 hours
I created a user group with a single user for testing purposes. I then set up a COGNITO_USER_POOLS authorizer for our test API. Our token source uses the Authorization header and takes in a Cognito user's identity token. The API endpoint will return unauthorized access unless a valid identity token is in the header of the GET request.
Wiki link: https://github.com/ActoKids/api/wiki/Adding-Authorization-to-the-API-Gateway-using-Amazon-Cognito
API Endpoint: https://flt5sd48q6.execute-api.us-west-2.amazonaws.com/test/testCognitoAuthorization
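The setup described in the comment above, written out as a CloudFormation fragment. This is an added example, not the ActoKids project's own template; the logical names TestApi and TestUserPool and the MOCK integration are assumptions.

```yaml
# Added example (not the ActoKids project's own template): a CloudFormation
# fragment reproducing the authorizer setup described above. TestApi,
# TestUserPool and the MOCK integration are assumed placeholders.
Resources:
  CognitoAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: testCognitoAuthorizer
      Type: COGNITO_USER_POOLS
      RestApiId: !Ref TestApi
      # Token source: the Authorization header carries the Cognito ID token
      IdentitySource: method.request.header.Authorization
      ProviderARNs:
        - !GetAtt TestUserPool.Arn

  PingResource:
    Type: AWS::ApiGateway::Resource
    Properties:
      RestApiId: !Ref TestApi
      ParentId: !GetAtt TestApi.RootResourceId
      PathPart: testCognitoAuthorization

  PingGetMethod:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref TestApi
      ResourceId: !Ref PingResource
      HttpMethod: GET
      # Without these two properties the method defaults to
      # AuthorizationType: NONE, which leaves the endpoint open to anyone.
      AuthorizationType: COGNITO_USER_POOLS
      AuthorizerId: !Ref CognitoAuthorizer
      Integration:
        Type: MOCK
        RequestTemplates:
          application/json: '{"statusCode": 200}'
        IntegrationResponses:
          - StatusCode: 200
            ResponseTemplates:
              application/json: '{"message": "pong"}'
      MethodResponses:
        - StatusCode: 200
```

With this in place, a GET whose Authorization header is missing or carries a token the user pool did not issue is rejected by the authorizer before the integration runs; only a valid identity token from the pool reaches the pong response.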