AWS Security Blog
Tag: OAuth
Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM
June 5, 2021: We’ve updated Figure 1: User request flow. Authorizing functionality of an application based on group membership is a best practice. If you’re building APIs with Amazon API Gateway and you need fine-grained access control for your users, you can use Amazon Cognito. Amazon Cognito allows you to use groups to create a […]
Use AWS Lambda authorizers with a third-party identity provider to secure Amazon API Gateway REST APIs
February 24, 2021: We updated this post to fix a typo in the IAM policy in the “Building a Lambda authorizer” section. Note: This post focuses on Amazon API Gateway REST APIs used with OAuth 2.0 and custom AWS Lambda authorizers. API Gateway also offers HTTP APIs, which provide native OAuth 2.0 features. For more […]
How to access secrets across AWS accounts by attaching resource-based policies
October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You can use AWS Secrets Manager to rotate, manage, and retrieve secrets such as database […]