I want to lock down my API and I am wondering the best way to do this.
I have approx. 20 microservices that are using API Gateway with a proxy that has a custom authorizer. This has a CloudFront distribution.
The issue with sending through an authorisation token (bearer) is that I am not getting the caching benefits of CloudFront for every new user. Therefore I am subject to two sets of cold starts, which makes CloudFront pointless.
Should I switch to a Lambda@Edge authorisation method, or should I continue with a custom authorizer? I would like to know the benefits of either approach. There is concern that if we use the Lambda@Edge authorisation technique then we are leaving the proxy API (non-CloudFront) wide open.
Thanks for your help!