MicroPerimeter™ AWS API Gateway Authorizer

Goals

During this tutorial you will:

  1. Install MicroPerimeter™ AWS API Gateway Authorizer
  2. Create sample AWS APIs and protect it using MicroPerimeter™ AWS API Gateway Authorizer
  3. Testing AWS APIs protected by MicroPerimeter™ AWS API Gateway Authorizer
  4. Troubleshooting AWS APIs protected by MicroPerimeter™ AWS API Gateway Authorizer

Prerequisites

NOTE: If you require a demo of MicroPerimeter™ AWS API Gateway Authorizer zip package please reach out to our sales team at sales@cloudentity.com

Configure AWS CLI

To properly use aws cli, you need to set AWS Account id* and AWS region where you will be deploying MicroPerimeter™ AWS API Gateway Authorizer.

Export the following variables:

export ACCOUNT_ID=1234567890
export REGION=us-east-1

*Account id can be grabbed from: https://console.aws.amazon.com/billing/home?#/account -> Account Settings -> Account Id.

If you don’t have access to link above, please contact your supervisor for Account Id.

If you want to deploy MicroPerimeter™ AWS API Gateway Authorizer to a region other than us-east-1 change REGION accordingly.

The following custom policy document contains the needed permissions to allow working with Lambda Authorizer and API Gateway:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:CreateBucket",
                "iam:CreateRole",
                "iam:PutRolePolicy",
                "iam:PassRole",
                "lambda:CreateFunction",
                "lambda:InvokeFunction",
                "lambda:AddPermission",
                "apigateway:POST",
                "apigateway:GET",
                "apigateway:PUT"
            ],
            "Resource": "*"
        }
    ]
}