Authentication and authorization are two very important pillars of web security. Authentication is used to identify the user: it verifies that the user is who they claim to be. Authorization is used to verify what the user can do, that is, which access the user has.
Here I am going to discuss authorization. In AWS, authorization can be implemented in 3 ways:
- IAM Auth
- Lambda authorizer
- Token authorizer
In this post I am mainly discussing IAM Auth. You can go through my YouTube video below to get a detailed idea.
My YouTube video link: https://youtu.be/QKouBNm_-BA
I have created a YouTube video on IAM Auth. In it I show Lambda function creation, API creation, route creation, attaching routes to their corresponding Lambda functions, associating IAM auth with the routes, user group creation, user creation, policy creation, and passing a Signature Version 4 signed request in Postman to test the authorization of these routes. Below are the steps:
STEPS:
1. Create two Lambda functions for handling two routes
2. In API Gateway, create two routes, /helloadmin and /hellouser, with the GET method
3. Attach both routes to their corresponding Lambda functions
4. Attach each route to IAM auth for authorization
5. In IAM, create two groups, say Admin and Client
6. Create two users named admin_user and client_user under the corresponding groups
7. Create an inline policy for both groups
   - The admin_user should be able to access only /helloadmin, NOT /hellouser
   - The client_user should be able to access only /hellouser, NOT /helloadmin
8. Add the authorization header in Postman [Signature V4]
   a) Find the access key, secret key and session token of both users
   b) Pass these values in the Authorization tab in Postman
9. After testing, delete all policies, users, groups, APIs and Lambda functions
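As an added example (not from the video or the original post), here are the two inline policies from step 7 written out. Each inner object is the policy document for one group; the outer wrapper with the group names is only for display and is not itself a policy. `<REGION>`, `<ACCOUNT_ID>` and `<API_ID>` are placeholders for your own values, and the route ARNs assume the HTTP API's `$default` stage.

```json
{
  "AdminGroupInlinePolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "AdminUsersMayInvokeOnlyHelloAdmin",
        "Effect": "Allow",
        "Action": "execute-api:Invoke",
        "Resource": "arn:aws:execute-api:<REGION>:<ACCOUNT_ID>:<API_ID>/$default/GET/helloadmin"
      }
    ]
  },
  "ClientGroupInlinePolicy": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "ClientUsersMayInvokeOnlyHelloUser",
        "Effect": "Allow",
        "Action": "execute-api:Invoke",
        "Resource": "arn:aws:execute-api:<REGION>:<ACCOUNT_ID>:<API_ID>/$default/GET/hellouser"
      }
    ]
  }
}
```

Because IAM denies everything that is not explicitly allowed, scoping the Resource to a single method and route is what makes admin_user get a 403 on /hellouser and client_user a 403 on /helloadmin; a wildcard such as `.../$default/*/*` would silently give both groups both routes.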
Please go through the above video, where I have shown each step in detail.