#help

Geoff Seemueller

05/19/2022, 5:15 PM
Trying to figure out how to control access to specific routes on my API using Cognito groups but I'm not getting anywhere with the AWS docs. Anyone have any good recommendations on how to achieve this?

Frank

05/19/2022, 7:27 PM
Hey @Geoff Seemueller, I haven’t done this, but might be worth looking into the User Pool JWT authorizer and Lambda authorizer.

Geoff Seemueller

05/19/2022, 7:28 PM
Thanks @Frank - I'm going to give it a go

Frank

05/19/2022, 7:29 PM
With the JWT authorizer, see if you can include the Cognito group info in the JWT token’s scope, and then see if you can have the authorizer grant/reject the request based on the scope. I haven’t done something like this, u might need to google along this line.
With the Lambda authorizer, u can pretty much do anything. It’s a bit more work as you’d need to create the function.

Geoff Seemueller

05/19/2022, 9:52 PM
Got it working! Found an example of someone using a pretokenGeneration trigger to map the user's Cognito groups to scopes (link). Then secured the route by setting `authorizationScopes` on the `ApiHttpRouteProps` of the handlers in the API Stack.
Thanks again for the help. So thankful for the support.