## AWS API Gateway Backend Protection

Use AWS API Gateway to control access to your backend. When API calls are made to your routes, API Gateway verifies the caller's identity and grants access only if the caller is authorized to access the route.

### Step-by-step guide

Follow the steps below to protect your AWS resources using the AWS API Gateway authorizer:

### Step 1: Create authorizer

1. In your AWS Console, navigate to the **API Gateway** section and go to the **Authorization** tab.


![aws-gateway-1](/assets/aws-gateway-1.042c7b6c4b3b2bf129b26f1c6311affccace6912ed750d77601227537f22e0af.97d793c5.png)

1. Click **Create** to create a new authorizer and attach it.


![aws-gateway-2](/assets/aws-gateway-2.7a38f1e26b5eaee9352e673026e3d51b7a10a5f567ff6f3555bef5067f94e6be.97d793c5.png)

### Step 2: Fill in the parameters

Provide the following parameters for the authorizer:

| Parameter | Value |
|  --- | --- |
| **Name** | A logical name for your `authorizer` to recognize it. |
| **Identity Source** | Typically, this will be the Bearer authentication header. Set it to `$request.header.Authorization`. |
| **Issuer URL** | In Frontegg, go to **Workspace Settings ➜ General**. Copy your workspace name and replace [your-workspace-name] in the following URL: [https://[your-workspace-name].frontegg.com](https://%5Byour-workspace-name%5D.frontegg.com) |
| **Audience** | In Frontegg, go to **Workspace Settings ➜ General**. Copy your **Client ID** and use it for the **Audience**. |


After filling in these details, click **Create and attach**.

Your AWS API Gateway will now protect your routes based on the identity issued by your Frontegg workspace.