Trying to figure out how to control access to specific routes on my API using Cognito groups but I'm not getting anywhere with the AWS docs. Anyone have any good recommendations on how to achieve this?
With the JWT authorizer, see if you can include the Cognito group info in the JWT token’s scope, and then see if you can have the authorizer grant/reject the request based on the scope. I haven’t done something like this; you might need to google along these lines.
Frank
05/19/2022, 7:30 PM
With the Lambda authorizer, you can pretty much do anything. It’s a bit more work as you’d need to create the function.
Geoff Seemueller
05/19/2022, 9:52 PM
Got it working! Found an example of someone using a pretokenGeneration trigger to map the user's Cognito groups to scopes. link Then secured the route by setting authorizationScopes on the ApiHttpRouteProps of the handlers in the API Stack.
Geoff Seemueller
05/19/2022, 9:54 PM
Thanks again for the help. So thankful for the support.