Service to service API call using an IAM Authorizer

I have a Lambda with API Gateway and an IAM Authorizer for authorization. I'm currently calling it from the frontend using Cognito (Identity Pool). I don't know if this is relevant, but the endpoint is a proxy for an external system and ultimately maps the logged-in user's identity ID with the external system's JWT to facilitate REST calls.

Here is my issue: the REST interface I described above needs to be called by another Lambda with a similar setup, i.e. it has an IAM authorizer / API Gateway, and is called by the frontend using Amplify and Cognito.

How can the Lambda assume the role of the Cognito user (IAM User) that made the request and call the other REST interface with the IAM authorizer?

I think I am going to use a JWT authorizer and change my unique user ID to be the sub of the user pool.

I believe the answer to my own question is using the identity ID and the Amazon secret and constructing the same header to call the API.
