Last updated

AWS API Gateway Backend Protection

Use AWS API Gateway to control access to your backend. When API calls are made to your routes, API Gateway verifies the caller's identity and grants access only if the caller is authorized to access the route.


Step-by-step guide

Follow the steps below to protect your AWS resources using the AWS API Gateway authorizer:

Step 1: Create authorizer

  1. In your AWS Console, navigate to the API Gateway section and go to the Authorization tab.

aws-gateway-1

  1. Click Create to create a new authorizer and attach it.

aws-gateway-2

Step 2: Fill in the parameters

Provide the following parameters for the authorizer:

ParameterValue
NameA logical name for your authorizer to recognize it.
Identity SourceTypically, this will be the Bearer authentication header. Set it to $request.header.Authorization.
Issuer URLIn Frontegg, go to Workspace Settings ➜ General. Copy your workspace name and replace [your-workspace-name] in the following URL: https://[your-workspace-name].frontegg.com
AudienceIn Frontegg, go to Workspace Settings ➜ General. Copy your Client ID and use it for the Audience.

After filling in these details, click Create and attach.

Your AWS API Gateway will now protect your routes based on the identity issued by your Frontegg workspace.