I have an issue with an API Gateway (REST API) which uses an authorizer Lambda and a usage plan at the same time.
The issue I'm facing is that there are two methods, let's call them "A" and "B".
"A" method is using an API key for protection, so you need to pass the API key in your request, and if it's correct you are authorized to perform an operation; if not, you get a "forbidden" message.
"B" method is using an authorizer Lambda for authorization and doesn't use an API key. The problem is the following: when the authorizer Lambda denies access to the API with the policy, the API continues the execution because it finds the usage plan, and because "B" method doesn't use an API key, it starts the execution.
When I'm not passing a token in the request I get the "Unauthorized" message, but if the request contains, for example, a wrong token, the execution starts even though the authorizer Lambda denies the execution.
Is there any way to resolve that conflict, to keep the "A" method with an API key and the "B" method with custom authorization?
CloudWatch logs after an execution with a wrong token
API Gateway with CUSTOM authorizer and Usage plan at the same time?
714 Views Asked by ks_bnc At
There are 0 best solutions below
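As a reference point for the setup described in the question, this is an added example (not code from the original post) of a TOKEN-type Lambda authorizer for a method like "B", with a small helper that reports which effect the returned policy applies to the requested method ARN, so the authorizer's output in the CloudWatch logs can be checked against the method that was called. `VALID_TOKENS`, the sample ARN and `effect_for` are constructed for illustration; the response shape (`principalId`, `policyDocument`, `execute-api:Invoke`) is the standard Lambda authorizer output.

```python
import fnmatch

# Constructed placeholder; a real authorizer would verify a JWT or call an IdP.
VALID_TOKENS = {"good-token": "user-123"}


def build_policy(principal_id, effect, method_arn):
    """Build the response document a Lambda authorizer returns to API Gateway."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }


def handler(event, context=None):
    token = (event.get("authorizationToken") or "").strip()
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    if not token:
        # Raising exactly "Unauthorized" makes API Gateway answer 401.
        raise Exception("Unauthorized")
    principal = VALID_TOKENS.get(token)
    if principal is None:
        # Wrong token: explicit Deny on the method that was requested.
        return build_policy("anonymous", "Deny", event["methodArn"])
    return build_policy(principal, "Allow", event["methodArn"])


def effect_for(response, method_arn):
    """Simplified evaluation: explicit Deny wins, then Allow, else None
    (no statement names this method, which is an implicit deny)."""
    effects = set()
    for st in response["policyDocument"]["Statement"]:
        res = st["Resource"]
        resources = res if isinstance(res, list) else [res]
        if any(fnmatch.fnmatchcase(method_arn, r) for r in resources):
            effects.add(st["Effect"])
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else None
```

Feeding the policy document logged by the authorizer and the `methodArn` of the request into `effect_for` shows whether the logged Deny actually names the "B" method that was invoked.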