Posted On: Sep 9, 2020

In addition to the previously supported OIDC/OAuth2 authorization option, customers can now secure Amazon API Gateway HTTP APIs using two new authorization options: Lambda authorizers and IAM authorizers. These new options enable customers to make flexible authorization decisions by providing an AWS Lambda function, or leveraging AWS IAM policies to control access to their APIs without writing any code.

APIs act as the "front door" for business logic and can have diverse security and authorization requirements. Lambda authorizers enable customers to implement custom authorization schemes that are tailored to their security requirements. For example, customers can use Lambda authorizers to build augmented OAuth2 flows or connect to external servers for authorization decisions. Alternatively, customers can use IAM authorizers to secure their APIs code free. IAM authorizers offer out of the box functionality for customers to leverage IAM identities and policies to control access to their APIs.

Lambda Authorizers and IAM Authorizers have been popular features in the REST API product. Given demand for these flexible authorization tools, we’ve brought them to HTTP APIs. Over time, popular features in REST APIs will be improved and migrated to HTTP APIs. 

These authorizers are generally available in all regions where API Gateway is available. To learn more about options for protecting your APIs, you can read the documentation. For more information about Amazon API Gateway, visit our product page.