Intro
One of the authorization methods that AWS supports for API Gateway endpoints is IAM authorization.
Two things are required to use IAM auth:
- a request signed using Signature Version 4
- the execute-api permission set up for the client for the invoked endpoint
There are other authorization methods available, such as Lambda authorizers or JWT authorizers; you can read more about them here.
In today’s blog post, I will show you how to call a microservice that is protected by IAM auth.
The problem
For the purposes of this blog post, let’s imagine we have two microservices: Microservice A and Microservice B.
Both of them were built using AWS Lambda and API Gateway.
We own Microservice A, and another team owns Microservice B.
We want to call Microservice B to get a response. It exposes the endpoint GET /items, and this endpoint is protected by IAM auth.
Solution
The aws-requests-auth library does most of the work for us.
We need to provide the hostname of the service we want to call, the AWS region, and the service. In our case it is execute-api, as we are working in a serverless Lambda environment.
BotoAWSRequestsAuth generates the appropriate headers and adds them to the requests object.
All we need to do is pass it as the auth param to the requests method.
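To show what those generated headers contain, here is an added example (not the post's code and not the library's own implementation) that signs GET /items with Signature Version 4 using only the Python standard library. The host name is a placeholder and the keys are AWS's documentation sample keys; in Lambda the real values come from the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.

```python
import datetime
import hashlib
import hmac


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(host, region, access_key, secret_key, session_token=None,
                  method="GET", path="/items", service="execute-api", now=None):
    """Headers for a SigV4-signed request with no query string and no body."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    headers = {"host": host, "x-amz-date": amz_date}
    if session_token:  # temporary credentials, e.g. a Lambda execution role
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    canonical_request = "\n".join([
        method,
        path,                                   # assumed already URI-encoded
        "",                                     # empty canonical query string
        "".join(f"{n}:{headers[n]}\n" for n in names),
        ";".join(names),                        # signed headers
        hashlib.sha256(b"").hexdigest(),        # hash of the empty body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: secret -> date -> region -> service -> terminator.
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()
    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={';'.join(names)}, Signature={signature}"
    )
    return headers


if __name__ == "__main__":
    # Constructed sample values: placeholder host and AWS's documentation keys.
    print(sigv4_headers("abc123.execute-api.eu-west-1.amazonaws.com", "eu-west-1",
                        "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"))
```

The returned dict can be passed as headers= to requests.get; BotoAWSRequestsAuth performs the same signing for you when given as the auth param.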
Summary
It is as simple as that 😉 I hope you enjoyed it.
There are other methods that you can use to make such a request. The one I showed you is simple and easy. I have tested it on production, and it is working 😉.