How to Create an Authenticated REST API on AWS with API Gateway, Lambda, Cognito, & AWS Amplify

  • Published: Oct 4, 2024
  • In this video I'll use the Amplify CLI to deploy a REST API backed by AWS Lambda and then connect to the API from a client-side project using React. I'll show how to configure the REST API to enable a Cognito Authorizer, only allowing authenticated requests to interact with the endpoint. I'll also show how to securely access the user's identity in the Lambda function event.
    Here is some of the code I used: gist.github.co...

Comments • 73

  • @RaulNussbaum 1 year ago +1

    This was super helpful in 2023; thank you so much!

  • @adR9990 3 years ago +6

    Love that you were able to condense so much information in a short video, gw!

  • @pemessh 2 years ago

    Wow. How come the freaking YouTube algorithm did not suggest this video to me?
    I finally got this working for a personal project.
    Super happy.

  • @ApoorvMote 3 years ago +7

    I was actually hoping to see same exact tutorial but backend (rest api, lambda, cognito) built with CDK instead of amplify cli

    • @naderdabit 3 years ago +1

      Hey, great feedback, will set something like this up next

    •  3 years ago

      @naderdabit that would be great, thanks

    • @andriys5772 3 years ago

      Good video related to setup cognito user pool and client via aws CDK ruclips.net/video/qqINbA1_nNU/видео.html

  • @chetanpatel1464 3 years ago +6

    Thank you so much for doing videos like this. I've been learning amplify for the last 4 months using your videos to help me for projects at work. I'm just about to put my first app into production in the next couple of weeks

  • @scottmanny 3 years ago

    Thanks Nader, spent all day on this before finding your video.

  • @khandoor7228 3 years ago +1

    Fantastic Nader, I have been exploring exactly this and you helped me out immensely! Thanks! I've been working a lot with Amplify and Amplify Admin (since it's been out) and fine grained access has been interesting. I am tracking you and the team for all the content you can put out, so thanks a lot man!

    • @naderdabit 3 years ago

      Glad to hear it, we're working to do a lot more next year!

  • @acedpyre7190 3 years ago +2

    Thanks for this video, definitely got me a bit further. I’m hoping to see how we can take that user object in the lambda function and, for example, enrich the user with “user preferences” by creating a record in a db for said user, and then allow the user to edit their preferences.
    I noticed a lot of these examples typically revolve around blogs, and don’t go into depth beyond default Cognito options.

  • @miguel220369 2 years ago

    Thank you, I spent 2 days looking for just this. Great video, straight to the point

  • @guna23785 3 years ago +1

    This is an awesome work.. very very crisp and to the point ... Much appreciated 🙏

  • @responseready7375 2 years ago +3

    How can I pull the cloudformation template from the cloud? Whenever I re-deploy my amplify project, the Authorizer is gone because it was not added to the template in the first place.

  • @m4monzter 2 years ago

    Step by step and detailed video in reasonable span!! Thank you so much 🙌🏼

  • @wreckuiem 2 years ago

    Incredible, spent a lot of time trying to find this material, thank you

  • @CodingCatDev 3 years ago +2

    Love the green, but I am a big fan of the purple 💜. Oh yeah and great video too!

    • @naderdabit 3 years ago

      Haha, thank you :)

    • @AhmadAwais 3 years ago

      Me too. Purple can be genius. Good one Nader.

  • @saurabrakshit405 2 years ago

    Amazing Video !
    Please make a separate vdo on below topic coz there is no resource in internet related to this topic.
    I want to know how to do the Sign Up, Login & other MFA in React-Native App, if I already have an existing backend in AWS Cognito.
    And have the below details of the existing backend :-
    aws_cognito_identity_pool_id:
    aws_cognito_region:
    aws_user_pools_id:
    aws_user_pools_web_client_id:

  • @samuelkamuli2867 3 years ago +1

    I was just looking for such a resource. Thanks!

  • @mohanraj6361 2 years ago

    Thanks for the detailed explanation. Much appreciated

  • @francescociulla 3 years ago +1

    Thanks Nader!

  • @saurabrakshit405 2 years ago

    Amazing Video !
    But, I want to know how to do the Sign Up, Login & other MFA if I already have an existing backend in AWS Cognito.
    And have the below details of the existing backend :-
    aws_cognito_identity_pool_id:
    aws_cognito_region:
    aws_user_pools_id:
    aws_user_pools_web_client_id:
    I hope this question will generate curiosity in you.
    Please make a separate vdo on this topic

  • @nicwanavit5463 3 years ago +1

    It's awesome, the same tutorial using SAM would be nice too :)

  • @rakeshrao21 1 year ago

    Thanks so much. Your video helped me a lot!!

  • @devwax 3 years ago

    Superb explanation! A million thanks. Subscribed. Going to check out your other videos now.

  • @markusfeljofsen8345 1 year ago +1

    Hey, as many others mentioned before: how to use cloudformation template to do this?
    Because otherwise every time you make changes to the API now, it switches back to IAM or NONE as Authorization and deletes the Authorizers.

  • @utilisemedia 3 years ago

    Thank you Nader, this was very helpful. I’d love to see an example using Swift/iOS (I’m new to both)

    • @naderdabit 3 years ago

      Hey thanks, glad you enjoyed it, may try to do something with React Native there on mobile

  • @jhonnySonnny 3 years ago

    another AWSome video from Nader!

  • @trevorhallett271 3 years ago

    Exactly what I was looking for thank you!

  • @dannylim1525 3 years ago +1

    Great video, I really like the color theme. Is that color theme custom made or imported?

  • @jibreelkeddo7030 1 year ago

    Great and concise explanation -- Subscribed :)

  • @Madeinchinaagain 2 years ago +4

    Nowadays, Amplify encourages you to use Amplify to spin up your dev and production environment using the CLI. This means that most of your configuration should be done through the CLI so Amplify can keep track of different changes (to Cloudformation resources, I guess). Will Amplify "know" about the changes you do (e.g. setting up your API Gateway to use Authorizers) through the AWS Console UI?

    • @Madeinchinaagain 2 years ago

      I tried an ‘amplify pull’ and no luck

    • @Weagle1337 1 year ago

      I got the same problem, my authorizer is deleted when I update my API

  • @panagiotisgiannelos3767 11 months ago

    Thanks GSP

  • @yudhiesh1997 3 years ago +1

    Could you do a tutorial on multi-tenancy with AWS Cognito and AWS Amplify?

  • @madak17 3 years ago

    Awesome guide! It really helped me get started with AWS Lambdas. A question though, if you wanted to make a call to your API from an unauthenticated user (and have it go through) how would you do that? As you showed, just removing the user token breaks the call, and trying to hit it without logging in results in "Uncaught (in promise) The user is not authenticated".

  • @daviddoyle7580 4 months ago

    Great video, just wondering is it safe to have the token in the client side variable as shown here to be passed in the header? It seems like Amplify doesn't offer any server side token so that we could store it in a http only cookie and pass it with every api request thereafter.

  • @markusspenninger6630 1 year ago

    I guess amplify as a default export is deprecated and you would need to import it as a named export: import { Amplify } from 'aws-amplify'

  • @chokeslam1996 3 years ago +1

    Hi there, Fantastic video! When I use this tutorial I can get the access token without issue but when I try to get the data back it console.logs an error saying that the API does not exist. Have you any ideas? Thank you in advance!

    • @balls69er 3 years ago

      Hi I'm getting the same error "API Name" does not exist when I try and connect to my API. Any help would be appreciated

  • @brendancurtin6378 3 years ago

    Excellent video. Did you know that using the header "authorisation" instead of "Authorisation" both in the browser code and the Authorizer, that it does not work. If you use "authorisation" as the header name API.get() adds additional fields to the token (visible in Chrome tools) and the Authoriser fails. I assume that API.get() middleware is responsible for this - but did not check the code. Took me an hour of head-scratching before going back to the video and noticing. Maybe a non reserved header name look-alike would have been a better choice!

  • @niksadi 1 year ago

    Thank you Nader! Can you let me know if we have identity pool how can we get access to temporary credentials for guest. How do we get the guest token?

  • @cliffjohnson8165 3 years ago +1

    This is sweet! However, is there a way when you are in API Gateway setting the path and ANY to the Authorization provider to default this? I don't want to have to go in and do this every time I create a new API path. I tried, thinking, maybe if I set this up in API gateway first and configure the authorizer, if I then with the CLI run - amplify api update and add a new path that it would pickup the authorizer but it seems to actually override the existing configuration where I then have to go in and setup the authorizer all over again for each path. That is definitely not scalable. I need a solution where I configure the authorizer once, really at the amplify project level and everything else I do from that point, inherits the authorizer. Is that possible?

    • @cliffjohnson8165 3 years ago

      I guess even to extend that further. I want to support multiple cognito user pools. Even if it was possible to default a single user pool, I'd really rather be able to default a group of user pools, with something like an array of user pools. Effectively, the ask would be to have an array of user pools provide auth to the API by simply configuring this one time on the API Gateway where those user pools would propagate to all the endpoints in that gateway. Obviously if I can do this via infrastructure as code (IaC), where I just deploy a new cognito user pool that is authorized, that is ideal. However, even if that is manual, I'd appreciate the option.

    • @sananbintahir5891 3 years ago

      @cliffjohnson8165 I was struggling with this for 3 days, and finally found a solution. To configure this automatically, you have to edit the cloudformation file of the API. In the formation file, you have the AWS::ApiGateway::RestApi Resource. In the body parameter, there is the OpenApi definition of the API and the paths. Here, in the "securityDefinitions", you can do

      "securityDefinitions": {
        "": {
          "type": "apiKey",
          "name": "Authorization",
          "in": "header",
          "x-amazon-apigateway-authtype": "cognito_user_pools",
          "x-amazon-apigateway-authorizer": {
            "type": "cognito_user_pools",
            "providerARNs": [ ]
          }
        }
      }
      and then
      "security": [
        {
          "": []
        }
      ]
      Take a look at docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
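
Several comments in this thread report that updating the API resets methods to IAM or NONE and drops the authorizer. As an added example (not from the video or from any commenter), this Node.js script audits the Swagger 2.0 body of an `AWS::ApiGateway::RestApi` resource and lists every method that no Cognito user pool authorizer protects. It assumes OpenAPI 2.0 precedence between root-level and operation-level `security`; the authorizer name `CognitoAuth`, the paths and the placeholder ARN are constructed sample values.

```javascript
const METHODS = new Set(['get', 'put', 'post', 'delete', 'patch', 'head', 'options',
  'x-amazon-apigateway-any-method']);
// Names of securityDefinitions entries that are usable Cognito authorizers.
function cognitoAuthorizerNames(doc) {
  const names = new Set();
  for (const [name, def] of Object.entries(doc.securityDefinitions || {})) {
    const authz = def['x-amazon-apigateway-authorizer'] || {};
    if (def['x-amazon-apigateway-authtype'] === 'cognito_user_pools' &&
        authz.type === 'cognito_user_pools' &&
        Array.isArray(authz.providerARNs) && authz.providerARNs.length > 0) {
      names.add(name);
    }
  }
  return names;
}

// Returns "METHOD /path" for each operation without a Cognito authorizer.
function findUnprotected(doc, { ignoreOptions = true } = {}) {
  const cognito = cognitoAuthorizerNames(doc);
  const findings = [];
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const [method, op] of Object.entries(item || {})) {
      if (!METHODS.has(method)) continue;
      if (ignoreOptions && method === 'options') continue; // CORS preflight
      // Operation-level "security" overrides the root-level one; [] disables it.
      const reqs = Array.isArray(op.security) ? op.security : (doc.security || []);
      // Requirement objects are alternatives, so each one must name a Cognito authorizer.
      const ok = reqs.length > 0 &&
        reqs.every((r) => Object.keys(r).some((n) => cognito.has(n)));
      const label = method === 'x-amazon-apigateway-any-method' ? 'ANY' : method.toUpperCase();
      if (!ok) findings.push(`${label} ${path}`);
    }
  }
  return findings;
}
// Constructed sample body; authorizer name, paths and ARN are placeholders.
const sampleBody = {
  swagger: '2.0',
  securityDefinitions: { CognitoAuth: {
    type: 'apiKey', name: 'Authorization', in: 'header',
    'x-amazon-apigateway-authtype': 'cognito_user_pools',
    'x-amazon-apigateway-authorizer': { type: 'cognito_user_pools',
      providerARNs: ['arn:aws:cognito-idp:REGION:ACCOUNT_ID:userpool/POOL_ID'] } } },
  paths: {
    '/items': { 'x-amazon-apigateway-any-method': { security: [{ CognitoAuth: [] }] }, options: {} },
    '/items/{proxy+}': { 'x-amazon-apigateway-any-method': {} }, // authorizer missing
  },
};
console.log(findUnprotected(sampleBody)); // [ 'ANY /items/{proxy+}' ]
```

Run against the body extracted from the generated template before each deploy, a non-empty result means at least one method would go out without the Cognito authorizer.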

  • @neets7519 2 years ago

    Thanks! 🤜🤛

  • @aoatom8244 2 years ago

    default Authorization when restricting API with "add auth" by Cognito is "Auth: AWS IAM" ?

  • @StorkCo 2 years ago

    Thanks!

  • @clarotechuk 3 years ago

    I have been looking for a video like this for so long - just what I needed. Thank You.
    Would it work in the same way for a Social login in (say Google or Facebook) using the Cognito Auth component?

  • @Weagle1337 1 year ago

    Why when I update my API it deletes the Cognito Authorizer created from AWS Console?

  • @SzymonCFG 2 years ago

    How can I use amplify to configure the api gateway authorizer? So I can make it repeatedly?

  • @dpklabs 3 years ago

    Is there a clean way to prefill a user's email into the pre-built auth component? I have a use case where I get a user's email through an on-boarding flow before they register.

  • @jorgetovar621 1 year ago

    How do you deploy updates to the lambda function?

  • @iliya24 3 years ago

    Great video thx

  • @Ethlon 3 years ago

    Can you show how to create Authenticated REST API with private endpoint to VPC in AWS Amplify?

  • @maxwellgover8820 3 years ago

    Would this work the same way if I chose to use the ExpressJS function?

  • @prateekrobot 4 months ago

    Thanks

  • @toddtrowbridge5669 2 years ago

    Maybe consider saying log instead of “log out” when printing because you’re constantly saying “log out user” when printing user to the console

  • @danielgannage8109 3 years ago

    Does this work for react native front end? If so, is there any documentation on this?

  • @ahbahb3195 1 year ago

    When we send this request, we can see jwt token in header, is it safe?

  • @SM-vo5gj 3 years ago

    Can we get a link to your extensions?

  • @themusic1609 3 years ago

    Please let me know how can I use RDS (MSSQL) datasource with aws appsync/amplify and how to connect with react js application

    • @naderdabit 3 years ago

      Hey, did you see this video? ruclips.net/video/pXd9BCwpjhA/видео.html
      I used RDS with AppSync and a client application, but instead of MSSQL used Postgres, but the idea is similar.

  • @nicolasp7997 1 year ago

    How can I do the same with custom ui?

  • @henrilambert3474 1 year ago

    Thanks a lot, you unblocked me big time :)