AWS Security Blog

Tag: OAuth

Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM

June 5, 2021: We’ve updated Figure 1: User request flow. Authorizing functionality of an application based on group membership is a best practice. If you’re building APIs with Amazon API Gateway and you need fine-grained access control for your users, you can use Amazon Cognito. Amazon Cognito allows you to use groups to create a […]

Read More

Use AWS Lambda authorizers with a third-party identity provider to secure Amazon API Gateway REST APIs

February 24, 2021: We updated this post to fix a typo in the IAM policy in the “Building a Lambda authorizer” section. Note: This post focuses on Amazon API Gateway REST APIs used with OAuth 2.0 and custom AWS Lambda authorizers. API Gateway also offers HTTP APIs, which provide native OAuth 2.0 features. For more […]

Read More

How to access secrets across AWS accounts by attaching resource-based policies

October 29, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You can use AWS Secrets Manager to rotate, manage, and retrieve secrets such as database […]

Read More

How to rotate your Twitter API key and bearer token automatically with AWS Secrets Manager

October 24, 2019: Based on a customer’s feedback, we fixed some quotation marks and a missing comma in a policy statement. Previously, I showed you how to rotate Amazon RDS database credentials automatically with AWS Secrets Manager. In addition to database credentials, AWS Secrets Manager makes it easier to rotate, manage, and retrieve API keys, […]

Read More