How do I implement IAM authentication for APIs in API Gateway?

Aug 16, 2023

How do I implement IAM authentication for APIs in API Gateway?

Find more details on this topic, see the AWS Knowledge Center article associated with this video: https://repost.aws/knowledge-center/i…
Joely, an AWS Cloud Support Engineer, shows you how to implement IAM authentication for APIs in API Gateway.

Content

0.41 -> [Music]

8.63 -> [Music]

11.219 -> hello I'm jolly a cloud sport engineer

13.86 -> here at the AWS office in Sydney

15.86 -> sometimes customers ask me how do i

18.39 -> implement am authentication for api

20.88 -> squared with Amazon API gateway so let

23.64 -> me show you how in this video we'll use

26.31 -> the pet store example API

27.93 -> so first let's enable IEM authentication

31.5 -> for this API after logging into the AWS

34.62 -> management console navigate to the API

36.78 -> gateway console

39.48 -> select your API and make sure you're on

42.96 -> the resources select the method under

45.72 -> the resource you want to use to enable

47.88 -> the authentication for our example will

50.64 -> enable a.m. or 'the indication for the

52.71 -> get method for the pits resource select

55.59 -> the method request from the pane on the

57.3 -> right if you created your API using the

60.69 -> example API instructions the all setting

63.33 -> for the method request is set to none by

65.37 -> default select the pencil icon on the

68.07 -> right of authorization none it will

70.56 -> display a drop-down box that you can use

72.69 -> to change the authorization settings

74.69 -> let's change it from none to AWS I am

78.119 -> and then select the checkbox on the

80.67 -> right to confirm your choice will now

83.13 -> deploy this API to our stage by clicking

85.74 -> on the actions button under API actions

88.47 -> deploy API

91.1 -> because this is the first time we are

93.14 -> deploying this API will create a new

95.18 -> stage called demo and click on deploy

100.909 -> we can now invoke the stage with the

103.28 -> invoke URL displayed in the state editor

105.71 -> as we enabled IEM authentication on only

109.28 -> the get method for the pets resource by

111.829 -> default we'll still be able to invoke

113.509 -> the other methods of API such as the get

115.909 -> method for the route path let's test us

118.34 -> using postman I will now paste in the

121.579 -> rig URL I copied make sure the HTTP

124.759 -> method here is get now let's test this

127.46 -> by clicking on the same button as you

129.83 -> can see the status returned a 200 ok and

132.86 -> we can see the body produced here to

135.98 -> verify if the ìiím or the indication was

138.049 -> enabled let's try to invoke the get

140.33 -> method for the pets resource I'll now be

143.72 -> adding the pits path resource to the URL

146.349 -> now to test again let's hit Send

150.61 -> as expected we get a missing

153.01 -> authentication token error now let's set

155.77 -> up an individual IEM user to invoke this

158.32 -> API to do this we'll be moving back to

161.2 -> the console

162.84 -> open the IAM console

167.36 -> and then select users

171.87 -> choose add user and then name it demo

175.41 -> user select programmatic access so the

178.98 -> request can be authenticated with our

180.959 -> IEM credentials click Next permissions

184.2 -> and select attach existing policies

187.98 -> directly in terms of the permissions

190.769 -> policy we'll attach the Amazon API

193.019 -> gateway invoke full access policy to

195.629 -> grant the user permissions to invoke the

197.819 -> api's we'll use the search functionality

200.43 -> to search for the permissions policy

206.38 -> click Next Next and click on create user

212.02 -> to create the user

214.88 -> after the user has been created we can

217.79 -> now input the access and secret keys

219.62 -> into postman for testing so let's move

222.29 -> over to postman to test this using

225.35 -> postman use the access key ID and secret

227.66 -> access key under the authorization tab

230.21 -> click on the drop-down box under type

232.4 -> select AWS signature and enter the I am

236.69 -> uses access and Chris secret keys into

239.09 -> the corresponding access and secret key

241.07 -> fields specify an appropriate AWS region

245.18 -> that matches the regions specified in

247.1 -> the invocation URL and enter execute -

250.61 -> API and the service name

253.41 -> after everything has been filled out we

255.96 -> can now press the send button postman

258.239 -> will make a Sig V for signed requests to

260.25 -> the API as shown we're now able to

262.95 -> successfully invoke the API with the

264.96 -> newly created IEM user credentials to

268.8 -> recap today we learn how to implement

270.84 -> IEM authentication for APS and Amazon

273.51 -> API gateway by enabling authentication

275.91 -> for a particular resource method and

278.01 -> also adding the necessary permissions

279.87 -> for the IEM user thanks for watching and

283.41 -> happy cloud computing from all of us

285.3 -> here at AWS

286.77 -> [Music]

Source: https://www.youtube.com/watch?v=KXyATZctkmQ