I'm working on an API for my company. I'm trying to restrict external users from accessing specific methods of a specific endpoint using IAM + Cognito. Currently I have a single Cognito user pool, with two groups (internal and external). There are IAM roles set up for each group, with the correct permissions set for the API Gateway Resource(s). I'm just not sure how to finish hooking everything up to prevent external users from using the POST/PUT/DELETE methods.
Asked
Active
Viewed 22 times
