Create Cognito Authorizer

To use an Amazon Cognito user pool with your API, you must first create an authorizer of the COGNITO_USER_POOLS type and then configure an API method to use that authorizer. After the API is deployed, the client must first sign the user in to the user pool, obtain an identity or access token for the user, and then call the API method with one of the tokens, which are typically set to the request’s Authorization header. The API call succeeds only if the required token is supplied and the supplied token is valid, otherwise, the client isn’t authorized to make the call because the client did not have credentials that could be authorized.

  1. In the AWS Management Console choose Services then search API Gateway
  2. Select the A realworld microservices API from the list of APIs
  3. Click on Authorizers to create a new Cognito Authorizer based on the Cognito User Pool created previously.
  4. Create a new Authorizer
    • Enter cognitoAuthorizer for the Name
    • Select Cognito as the Type
    • Select the previously created Cognito User Pool – real world microservice user pool
    • Enter the Token Source (HTTP Header name) as Authorization
    • Click on Create