
I'm using AWS API gateway for an API I'm setting up, and I want to be able to use an existing AWS Directory Services Directory (Microsoft AD Enterprise) for authentication.

I'm not sure where to start.

Would I need to use a custom lambda function for authentication, and then write my own ldap authentication code?

I can't find any references to this scenario, of authenticating an API against AWS AD.

Any pointers would be greatly appreciated.

user1751825

1 Answer


Perhaps worth checking how to configure AWS Directory Service as a federated identity provider in IAM, then how to retrieve access tokens from STS, and ultimately configure API Gateway to use Authorization Method: AWS_IAM.

For authentication, perhaps worth studying how to configure federated identity in Cognito.

Have a look at these slides: https://www.slideshare.net/AmazonWebServices/aws-may-webinar-series-48671841

Nicholas

I've just tried setting up a federated identity role and giving it access to invoke APIs. This seems to work, except the identities now have permission to log in to the AWS console. They can't actually do anything once logged in, but it still doesn't seem quite right having them able to sign in to the console when all they actually need to do is invoke APIs. Is there a way I can federate identities without them getting access to the console? – user1751825 Sep 14 '17 at 05:50
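The step the answer leaves implicit is what a client does with the temporary credentials once STS has issued them: with the API's method set to AWS_IAM, every request must carry a Signature Version 4 signature computed from the temporary access key and secret, and the session token must be sent in the `x-amz-security-token` header and included in the signed headers, or API Gateway rejects the call. The following is an added example, not code from the question, the answer or AWS; it implements the SigV4 signing steps for the `execute-api` service with only the Python standard library. The credentials, host, stage and path are constructed placeholders, and `sign_execute_api_request` and `demo` are names chosen here.

```python
import datetime
import hashlib
import hmac
from urllib.parse import quote

# Constructed placeholder credentials in the shape STS returns from
# AssumeRoleWithSAML (Credentials.AccessKeyId / SecretAccessKey / SessionToken).
# These are not real keys.
TEMP_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "SessionToken": "FwoGZXIvYXdzEXAMPLESESSIONTOKEN",
}


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def signing_key(secret: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the SigV4 signing key: HMAC chain over date, region, service, 'aws4_request'."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_execute_api_request(creds, method, host, path, region,
                             body=b"", query=None, amz_date=None):
    """Return the headers for a SigV4-signed call to an AWS_IAM-protected API Gateway method.

    `path` is the already-normalized resource path including the stage (e.g. /prod/orders).
    Temporary credentials require the session token to be sent and signed.
    """
    service = "execute-api"
    if amz_date is None:
        amz_date = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    date_stamp = amz_date[:8]
    payload_hash = _sha256_hex(body)

    # Headers that take part in the signature; lowercase names, sorted.
    headers = {
        "host": host,
        "x-amz-date": amz_date,
        "x-amz-security-token": creds["SessionToken"],
    }
    names = sorted(headers)
    canonical_headers = "".join(f"{k}:{headers[k].strip()}\n" for k in names)
    signed_headers = ";".join(names)

    # Query parameters sorted by key, each key and value URI-encoded.
    query = query or {}
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(query.items())
    )
    canonical_uri = quote(path, safe="/-_.~")

    canonical_request = "\n".join([
        method, canonical_uri, canonical_query,
        canonical_headers, signed_headers, payload_hash,
    ])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        _sha256_hex(canonical_request.encode("utf-8")),
    ])
    key = signing_key(creds["SecretAccessKey"], date_stamp, region, service)
    signature = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()

    headers["Authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={creds['AccessKeyId']}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers


def demo():
    """Sign a constructed GET against a placeholder API with a fixed timestamp (deterministic)."""
    return sign_execute_api_request(
        TEMP_CREDS, "GET",
        "abc123.execute-api.us-east-1.amazonaws.com",  # placeholder API host
        "/prod/orders", "us-east-1",
        amz_date="20170914T055000Z",
    )


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The resulting headers go on the HTTPS request to the API's invoke URL; the signature is bound to the session token, so a request that omits or alters the token fails even if the access key and secret are correct. The `execute-api:Invoke` permission itself comes from the policy attached to the federated role, which is where the answer's AWS_IAM authorization is actually enforced.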