Securing REST APIs with Amazon Cognito: A Step-by-Step Guide
Security in internet-facing or local applications is one of the most challenging parts of the software development life cycle. This post is a quick step-by-step guide to adding access management to the REST API built in the previous article, using Amazon Cognito.
Prerequisites
You need to have an AWS account. If you are new to AWS, they offer a 12-month free tier account where you can explore many services as a developer.
Create an Amazon Cognito User Pool
Please refer to the Create Amazon Cognito User Pool section of this article to create a Cognito User Pool, note the Cognito User Pool ID and the App Client ID, and then continue with the following section.
Enable endpoint access management in API Gateway
At this point, any frontend or API caller can send requests to these REST API endpoints without including an access token in the request header. We will close this gap with a JWT authorizer backed by the Amazon Cognito User Pool created earlier.
Let us open the API Gateway created in this article.
- Select a method (for instance POST (1)), then, in the Route details section, click the Attach authorization button (2).
- On the Authorization page, ensure the method is still selected and click the Create and attach an authorizer button (1).
- On the Create authorizer page, choose the Authorizer type: JWT (1), and provide the Authorizer settings: Name: CRUD-API-COGNITO-AUTH (2), Identity source: $request.header.Authorization (3), Issuer URL: https://cognito-idp.[zoneId].amazonaws.com/[userPoolId] (4), where [zoneId] is the AWS region of your user pool. For the Audience field, first click the Add Audience button, then provide the Client ID (5) noted while creating the Amazon Cognito User Pool. Click the Create and attach button to attach the newly created authorizer to the API route method.
- To attach an existing authorizer to a method, select the method, then in the Route details section, click the Attach authorization button. Choose the existing authorizer (1) and click the Attach authorizer button (2).
Test and Wrap-Up
Follow the Test and Recap section of this article and the Test the REST API section of this article to test what we have implemented.
This guide walks through implementing access management for a REST API using Amazon Cognito. Instructions include creating a Cognito User Pool, enabling endpoint access management in API Gateway, and configuring JWT token authorizers for secure token-based access. Follow these steps to protect your API endpoints effectively.
Thanks for reading 😊. Your suggestions and comments are welcome. Akpé kaka 🙏!
Written by
Wilson KOMLAN
Hello, I have been a full stack developer since 2010, focused for a long time more on backend stuff. I have embraced cloud development since 2019.