How to Create an Authenticated REST API on AWS with API Gateway, Lambda, Cognito, & AWS Amplify
- Published: Oct 4, 2024
- In this video I'll use the Amplify CLI to deploy a REST API backed by AWS Lambda and then connect to the API from a client-side project using React. I'll show how to configure the REST API to enable a Cognito Authorizer, only allowing authenticated requests to interact with the endpoint. I'll also show how to securely access the user's identity in the Lambda function event.
Here is some of the code I used: gist.github.co...
This was super helpful in 2023; thank you so much!
Love that you were able to condense so much information in a short video, gw!
Wow. how come the freaking youtube algorithm did not suggest this video to me?
I finally got this working for a personal project.
Super happy.
I was actually hoping to see same exact tutorial but backend (rest api, lambda, cognito) built with CDK instead of amplify cli
Hey, great feedback, will set something like this up next
@naderdabit that would be great, thanks
Good video related to setup cognito user pool and client via aws CDK ruclips.net/video/qqINbA1_nNU/видео.html
Thank you so much for doing videos like this. I've been learning amplify for the last 4 months using your videos to help me for projects at work. I'm just about to put my first app into production in the next couple of weeks
Thanks Nader, spent all day on this before finding your video.
Fantastic Nader, I have been exploring exactly this and you helped me out immensely! Thanks! I've been working a lot with Amplify and Amplify Admin (since it's been out) and fine-grained access has been interesting. I am tracking you and the team for all the content you can put out, so thanks a lot man!
Glad to hear it, we're working to do a lot more next year!
Thanks for this video, definitely got me a bit further. I’m hoping to see how we can take that user object in the lambda function and, for example, enrich the user with “user preferences” by creating a record in a db for said user, and then allow the user to edit their preferences.
I noticed a lot of these examples typically revolve around blogs, and don’t go into depth beyond default Cognito options.
Thank you, I spent 2 days looking for just this. Great video, straight to the point
This is an awesome work.. very very crisp and to the point ... Much appreciated 🙏
Awesome to hear!
How can I pull the cloudformation template from the cloud? Whenever I re-deploy my amplify project, the Authorizer is gone because it was not added to the template in the first place.
Step by step and detailed video in reasonable span!! Thank you so much 🙌🏼
Incredible, spent a lot of time trying to find this material, thank you
Love the green, but I am a big fan of the purple 💜. Oh yeah and great video too!
Haha, thank you :)
Me too. Purple can be genius. Good one Nader.
Amazing Video !
Please make a separate vdo on below topic coz there is no resource in internet related to this topic.
I want to know how to do the Sign Up, Login & other MFA in React-Native App, if I already have an existing backend in AWS Cognito.
And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:
I was just looking for such a resource. Thanks!
Thanks for the detailed explanation. Much appreciated
Thanks Nader!
Amazing Video !
But, I want to know how to do the Sign Up, Login & other MFA if I already have an existing backend in AWS Cognito.
And have the below details of the existing backend :-
aws_cognito_identity_pool_id:
aws_cognito_region:
aws_user_pools_id:
aws_user_pools_web_client_id:
I hope this question will generate curiosity in you.
Please make a separate vdo on this topic
It's awesome, the same tutorial using SAM would be nice too :)
Thanks so much. Your video helped me a lot!!
Superb explanation! A million thanks. Subscribed. Going to check out your other videos now.
Hey, as many others mentioned before : how to use cloudformation template to do this?
Because otherwise every time you make changes to the API now, it switches back to IAM or NONE as Authorization and deletes the Authorizers.
Thank you Nader, this was very helpful. I’d love to see an example using Swift/iOS (I’m new to both)
Hey thanks, glad you enjoyed it, may try to do something with React Native there on mobile
another AWSome video from Nader!
Exactly what I was looking for thank you!
Great video, I really like the color theme. Is that color theme custom made or imported?
Great and concise explanation -- Subscribed :)
Nowadays, Amplify encourages you to use Amplify to spin up your dev and production environment using the CLI. This means that most of your configuration should be done through the CLI so Amplify can keep track of different changes (to Cloudformation resources, I guess). Will Amplify "know" about the changes you do (e.g. setting up your API Gateway to use Authorizers) through the AWS Console UI?
I tried an ‘amplify pull’ and no luck
I got the same problem, my authorizer is deleted when I update my API
Thanks GSP
Could you do a tutorial on multi-tenancy with AWS Cognito and AWS Amplify?
Awesome guide! It really helped me get started with AWS Lambdas. A question though, if you wanted to make a call to your API from an unauthenticated user (and have it go through) how would you do that? As you showed, just removing the user token breaks the call, and trying to hit it without logging in results in "Uncaught (in promise) The user is not authenticated".
Great video, just wondering is it safe to have the token in the client side variable as shown here to be passed in the header? It seems like Amplify doesn't offer any server side token so that we could store it in a http only cookie and pass it with every api request thereafter.
I guess amplify as a default export is deprecated and you would need to import it as a named export: import { Amplify } from 'aws-amplify'
Hi there, Fantastic video! When I use this tutorial I can get the access token without issue but when I try to get the data back it console.logs an error saying that the API does not exist. Have you any ideas? Thank you in advance!
Hi I'm getting the same error "API Name" does not exist when I try and connect to my API. Any help would be appreciated
Excellent video. Did you know that using the header "authorisation" instead of "Authorisation" both in the browser code and the Authorizer, that it does not work. If you use "authorisation" as the header name API.get() adds additional fields to the token (visible in Chrome tools) and the Authoriser fails. I assume that API.get() middleware is responsible for this - but did not check the code. Took me an hour of head-scratching before going back to the video and noticing. Maybe a non reserved header name look-alike would have been a better choice!
Thank you Nader! Can you let me know if we have identity pool how can we get access to temporary credentials for guest. How do we get the guest token?
This is sweet! However, is there a way when you are in API Gateway setting the path and ANY to the Authorization provider to default this? I don't want to have to go in and do this every time I create a new API path. I tried, thinking, maybe if I set this up in API gateway first and configure the authorizer, if I then with the CLI run - amplify api update and add a new path that it would pickup the authorizer but it seems to actually override the existing configuration where I then have to go in and setup the authorizer all over again for each path. That is definitely not scalable. I need a solution where I configure the authorizer once, really at the amplify project level and everything else I do from that point, inherits the authorizer. Is that possible?
I guess even to extend that further. I want to support multiple cognito user pools. Even if it was possible to default a single user pool, I'd really rather be able to default a group of user pools, with something like an array of user pools. Effectively, the ask would be to have an array of user pools provide auth to the API by simply configuring this one time on the API Gateway where those user pools would propagate to all the endpoints in that gateway. Obviously if I can do this via infrastructure as code (IaC), where I just deploy a new cognito user pool that is authorized, that is ideal. However, even if that is manual, I'd appreciate the option.
@cliffjohnson8165 I was struggling with this for 3 days, and finally found a solution. To configure this automatically, you have to edit the cloudformation file of the API. In the formation file, you have the AWS::ApiGateway::RestApi Resource. In the body parameter, there is the OpenApi definition of the API and the paths. Here, in the "securityDefinitions", you can do
"securityDefinitions": {
  "": {
    "type": "apiKey",
    "name": "Authorization",
    "in": "header",
    "x-amazon-apigateway-authtype": "cognito_user_pools",
    "x-amazon-apigateway-authorizer": {
      "type": "cognito_user_pools",
      "providerARNs": [ ]
    }
  }
}
and then
"security": [
  {
    "": []
  }
]
Take a look at docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html
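Added example, not part of the comment above or of the video's code: a Node.js check that reads the OpenAPI body of the AWS::ApiGateway::RestApi resource and lists every method that is not restricted to a Cognito user pool authorizer, which catches the case reported in this thread where an update resets methods to IAM or NONE. The scheme name "CognitoAuth", the placeholder ARN and the sample paths are constructed, and the check assumes standard OpenAPI inheritance of a root-level "security" entry.

```javascript
// Added example: audits the OpenAPI (Swagger 2.0) body of an AWS::ApiGateway::RestApi
// resource and lists every method that is not restricted to a Cognito authorizer.
const METHODS = ["get", "put", "post", "delete", "patch", "head", "options",
  "x-amazon-apigateway-any-method"];

// Scheme names that are Cognito user pool authorizers with at least one provider ARN.
function cognitoSchemes(api) {
  const defs = api.securityDefinitions || {};
  return Object.keys(defs).filter((name) => {
    const authorizer = defs[name]["x-amazon-apigateway-authorizer"] || {};
    return defs[name]["x-amazon-apigateway-authtype"] === "cognito_user_pools" &&
      authorizer.type === "cognito_user_pools" &&
      Array.isArray(authorizer.providerARNs) && authorizer.providerARNs.length > 0;
  });
}

function findUnprotected(api) {
  const cognito = new Set(cognitoSchemes(api));
  const findings = [];
  for (const [path, item] of Object.entries(api.paths || {})) {
    for (const method of METHODS.filter((m) => item[m])) {
      // Assumption: OpenAPI inheritance, operation-level "security" overrides the root one.
      const reqs = item[method].security || api.security || [];
      // Entries are alternatives, so every one must consist only of Cognito schemes.
      const ok = reqs.length > 0 && reqs.every((r) =>
        Object.keys(r).length > 0 && Object.keys(r).every((n) => cognito.has(n)));
      if (!ok) findings.push(`${method.toUpperCase()} ${path}`);
    }
  }
  return findings;
}

// Constructed sample: "CognitoAuth" and the ARN are placeholders, not values from the page.
const SAMPLE = {
  securityDefinitions: {
    CognitoAuth: { type: "apiKey", name: "Authorization", in: "header",
      "x-amazon-apigateway-authtype": "cognito_user_pools",
      "x-amazon-apigateway-authorizer": { type: "cognito_user_pools",
        providerARNs: ["arn:aws:cognito-idp:REGION:ACCOUNT_ID:userpool/POOL_ID"] } },
    sigv4: { type: "apiKey", name: "Authorization", in: "header",
      "x-amazon-apigateway-authtype": "awsSigv4" },
  },
  paths: {
    "/items": { "x-amazon-apigateway-any-method": { security: [{ CognitoAuth: [] }] },
      options: {} },
    "/items/{proxy+}": { "x-amazon-apigateway-any-method": { security: [{ sigv4: [] }] } },
  },
};
console.log(findUnprotected(SAMPLE));
```

An OPTIONS method used only for CORS preflight will be reported as well; whether that is acceptable is a decision for the API owner, and a non-empty result in a deploy pipeline is the signal to review the template before it ships.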
Thanks! 🤜🤛
default Authorization when restricting API with "add auth" by Cognito is "Auth: AWS IAM" ?
Thanks!
I have been looking for a video like this for so long - just what I needed. Thank You.
Would it work in the same way for a Social login in (say Google or Facebook) using the Cognito Auth component?
Why when I update my API it deletes the Cognito Authorizer created from AWS Console?
How can I use amplify to configure the api gateway authorizer? So I can make it repeatedly?
Is there a clean way to prefill a user's email into the pre-built auth component? I have a use case where I get a user's email through an on-boarding flow before they register.
How do you deploy updates to the lambda function?
Great video thx
Can you show how to create Authenticated REST API with private endpoint to VPC in AWS Amplify?
Would this work the same way if I chose to use the ExpressJS function?
Thanks
Maybe consider saying log instead of “log out” when printing because you’re constantly saying “log out user” when printing user to the console
Does this work for react native front end? If so, is there any documentation on this?
When we send this request, we can see jwt token in header, is it safe ?
Can we get a link to your extensions?
Please let me know how can I use RDS (MSSQL) datasource with aws appsync/amplify and how to connect with react js application
Hey, did you see this video? ruclips.net/video/pXd9BCwpjhA/видео.html
I used RDS with AppSync and a client application, but instead of MSSQL used Postgres, but the idea is similar.
How can I do the same with custom ui?
Thanks a lot, you unblocked me big time :)