0

I currently have an API on API Gateway (REST) that has a single proxy endpoint hooked up to an HTTP proxy integration. I have a cognito authorizer that authorizes incoming JWTs issued by Cognito and then if valid it forwards the request along to our ECS instance via an Application Load Balancer.

The project that is running in that instance requires the Authorization header to be there for authorization purposes. The problem is that header is not forwarded to the container. After much debugging, we determined that the header was going missing when the ALB isforwarding the request to the container (previously this question was asking about API Gateway because I assumed that's where things were going wrong). Other custom headers can go through but not "Authorization".

Does anyone have any experience persisting the Authorization header using ALB? I'm very new to ALB so still learning how to build these projects.

Jesse R
  • 194
  • 3
  • 14

2 Answers2

0

If you're passing a header Authorization, it will be remapped with X-Amzn-Remapped-Authorization by Amazon API Gateway REST APIs.

For more information, see this guide.

Skywalker
  • 41
  • 6
  • When I look at the headers that my container receives, that remapped header is not there. I looked at the cloudwatch logs and the header sent to the ALB url does have the "Authorization" header there. – Jesse R Jan 28 '21 at 16:34
  • Try disabling ALB attribute Drop invalid header fields as it could be a configuration error in the backend. – Skywalker Jan 29 '21 at 00:51
0

We actually had two rules on the alb. One redirecting the api call from port 80 to port 443, then a forward rule to the container. We discovered that the header went missing at the redirect rule, so we eliminated that and added listener on port 80 that forwarded the call to the ecs task.

Jesse R
  • 194
  • 3
  • 14