Control and manage access to HTTP APIs in API Gateway (original) (raw)

API Gateway supports multiple mechanisms for controlling and managing access to your HTTP API:

• Lambda authorizers use Lambda functions to control access to APIs. For more information, see Control access to HTTP APIs with AWS Lambda authorizers.
• JWT authorizers use JSON web tokens to control access to APIs. For more information, see Control access to HTTP APIs with JWT authorizers in API Gateway.
• Standard AWS IAM roles and policies offer flexible and robust access controls. You can use IAM roles and policies to control who can create and manage your APIs, as well as who can invoke them. For more information, see Control access to HTTP APIs with IAM authorization in API Gateway.

To improve your security posture, we recommend that you configure an authorizer for all routes on your HTTP API. You might need to do this to comply with various compliance frameworks. For more information, seeAmazon API Gateway controls in the AWS Security Hub User Guide.

IP address types for HTTP APIs in API Gateway

Lambda authorizers

Did this page help you? - Yes

Thanks for letting us know we're doing a good job!

If you've got a moment, please tell us what we did right so we can do more of it.

Did this page help you? - No

Thanks for letting us know this page needs work. We're sorry we let you down.

If you've got a moment, please tell us how we can make the documentation better.