Run the command above to override Amplify-generated Amazon API Gateway resources.
The command creates a new overrides.ts file under amplify/backend/api/<resource-name>/ which provides you the Amplify-generated resources as CDK constructs.
Apply all the overrides in the override(...) function. For example:
To change a field on a particular path, use resources.restApi.body.paths[\<route-path\>]:
You can override the following REST API resources that Amplify generates:
Amazon Cognito User Pools is a common service to use alongside API Gateway when adding user Sign-Up and Sign-In to your application. If your application needs to interact with other AWS services such as S3 on behalf of the user who invoked an endpoint, you will need to use IAM credentials with Cognito Identity Pools.
Amplify CLI does not support Cognito User Pool authorizers out-of-the-box. To implement this functionality, you must override your REST API and add a Cognito User Pool authorizer yourself by adding the following code into the override(...) function, in order.
First, assuming the Cognito User Pool you would like to use as an authorizer is the Auth resource configured with your Amplify Project, create a parameter that resolves to its User Pool ARN:
Make sure to replace <your-auth-resource-name> with the name of your auth resource. This is the name of the folder in amplify/backend/auth that was created when you added an Auth resource to your Amplify project.
Now, define a REST API authorizer with Cognito User Pools using the OpenAPI extension, x-amazon-apigateway-authorizer. This change will be applied by modifying the security definition of your REST API:
Finally, update the security methods for all of the paths in your REST API to use this new Cognito User Pool authorizer. You also add the Authorization header as a parameter on incoming requests for these paths as a place for users to provide their Cognito User ID Tokens.
Note that you can add more advanced logic to only use the Cognito User Pool authorizer with some paths or methods.
When performing requests to your REST API, make sure to add the Authorization header with an ID Token provided by Cognito.
Requests to endpoints are now populated with information from Cognito about the user who is invoking the endpoint, and you can reuse the verified ID Token in your endpoint resolvers to assume the identity of the user for accessing other services like AWS AppSync or S3.
Authorize API requests with Lambda authorizerWhile Amplify CLI does not support Lambda authorizers natively out-of-box, you can implement this functionality by overriding your REST API resources. The following steps will walk you through how to create token-based Lambda authorizer.
First, you need to have a Lambda authorizer function with required authorization logic in your Amplify project to use it as an authorizer. Refer to the steps to set up a function using amplify add function
After running amplify override api, add the following code to override(...) function. Initially, create a parameter that resolves to Lambda Function ARN
Make sure to replace <your-function-resource-name> with the name of your function resource. This is the name of the folder in amplify/backend/function that was created when you added an function resource to your Amplify project.
Next, define the Lambda authorizer using the OpenAPI extension, x-amazon-apigateway-authorizer. This change will be applied by modifying the security definition of your REST API:
As API Gateway needs permission to invoke the Authorizer lambda function, add resource based policy to the function using following code:
Make sure to replace <your-api-resource-name> with the name of your Rest API resource. This is the name of the folder in amplify/backend/api that was created when you added an Rest API resource to your Amplify project.
Finally, update the security methods for all of the paths in your REST API to use this new Lambda authorizer. You can also add the Authorization header as a parameter on incoming requests for these paths as a place for users to provide their Auth token.
Note that you can add more advanced logic to only use the Lambda authorizer with some paths or methods.
When performing requests to your REST API, make sure to add the Authorization header with an token required by Lambda authorizer function.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4