
I am trying to restrict a user to viewing only their own data and not anyone else's. So, if a user (bob) tries to hit /api/v1/get-device-info?username=jon, I want API Gateway to send 403, only allowing username=bob. On the Lambda side, I am getting the data from RDS. To solve this, I was looking at Custom Authorizers and got stuck thinking about how to establish the identity of the user making the query.

user3089927

1 Answer

What do you mean "establish the identity of the user"? If you are using Custom Authorizers then the user should be sending a token in the request header that identifies them as your API's user.

bejos-aws
  • When you say token in the header, what should I be expecting in the header from the user? Do you mean using an STS token? Apologies, I have little knowledge about Custom Authorizers and am trying to see how to make it work for my use case. – user3089927 Jun 15 '17 at 03:51
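One way to implement what the answer describes, as an added example that is not code from the question or the answer: a REQUEST-type Lambda authorizer that verifies the bearer token, takes the username the token was issued to, and returns an Allow policy only when the `username` query parameter matches that user (a Deny policy is what produces the 403). The HMAC token format, the `SECRET` value and the `issue_token` helper are constructed for this example; in practice the token would be whatever your identity provider issues (typically a signed JWT) and the key would come from a secret store.

```python
import base64
import hashlib
import hmac

# Constructed secret for the example only; load it from Secrets Manager/KMS in a real deployment.
SECRET = b"example-shared-secret-not-for-production"


def issue_token(username: str) -> str:
    """Mint a demo bearer token of the form base64(username).hmac_sha256 (constructed format)."""
    body = base64.urlsafe_b64encode(username.encode()).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token: str):
    """Return the username the token was issued to, or None if the token is missing/tampered."""
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):  # constant-time compare
            return None
        return base64.urlsafe_b64decode(body.encode()).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def policy(principal: str, effect: str, method_arn: str) -> dict:
    """Build the IAM-style policy document API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}],
        },
        # Passed through to the backend as $context.authorizer.username, so the
        # Lambda/RDS query can trust the caller identity instead of the query string.
        "context": {"username": principal},
    }


def lambda_handler(event, context=None):
    """REQUEST authorizer: the caller may only query their own username."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    auth = headers.get("authorization", "")
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    user = verify_token(token)
    if user is None:
        raise Exception("Unauthorized")  # API Gateway turns this into a 401
    requested = (event.get("queryStringParameters") or {}).get("username")
    effect = "Allow" if requested == user else "Deny"  # Deny is returned to the client as 403
    return policy(user, effect, event["methodArn"])
```

The backend should read the username from the authorizer context rather than from the query string, so the check cannot be bypassed by a differently spelled parameter.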